check_ssl_config: verify pubkey
parent
a9e74da11c
commit
aadffa0c8f
|
@ -337,14 +337,21 @@ def check_ssl_config(config):
|
||||||
cert_path = config.get('ssl_chain')
|
cert_path = config.get('ssl_chain')
|
||||||
with open(key_path, 'r') as f:
|
with open(key_path, 'r') as f:
|
||||||
params = pem.parse_private_key(f.read())
|
params = pem.parse_private_key(f.read())
|
||||||
privkey = rsakey.RSAKey(*params)
|
|
||||||
with open(cert_path, 'r') as f:
|
with open(cert_path, 'r') as f:
|
||||||
s = f.read()
|
s = f.read()
|
||||||
bList = pem.dePemList(s, "CERTIFICATE")
|
bList = pem.dePemList(s, "CERTIFICATE")
|
||||||
# verify chain
|
# verify chain
|
||||||
x, ca = verify_cert_chain(bList)
|
x, ca = verify_cert_chain(bList)
|
||||||
# verify pubkey
|
# verify that privkey and pubkey match
|
||||||
return x.get_common_name()
|
privkey = rsakey.RSAKey(*params)
|
||||||
|
pubkey = rsakey.RSAKey(x.modulus, x.exponent)
|
||||||
|
assert x.modulus == params[0]
|
||||||
|
assert x.exponent == params[1]
|
||||||
|
# return requestor
|
||||||
|
requestor = x.get_common_name()
|
||||||
|
if requestor.startswith('*.'):
|
||||||
|
requestor = requestor[2:]
|
||||||
|
return requestor
|
||||||
|
|
||||||
def sign_request_with_x509(pr, key_path, cert_path):
|
def sign_request_with_x509(pr, key_path, cert_path):
|
||||||
import pem
|
import pem
|
||||||
|
|
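Review bot: The key-match check on the new side relies on `assert x.modulus == params[0]` and `assert x.exponent == params[1]`, and Python removes assert statements when run with `-O`, so under optimisation a certificate chain paired with an unrelated private key would pass check_ssl_config silently. An explicit test survives that, e.g. `if (x.modulus, x.exponent) != (params[0], params[1]): raise ValueError('private key does not match ssl_chain certificate')`, with the exception type chosen to match what callers of this function already handle. `privkey` and `pubkey` are constructed but not used in the visible lines and could be dropped unless later code needs them. Stripping `*.` from the common name also makes a wildcard certificate report the parent domain as the requestor, a name the wildcard itself does not cover, so that mapping deserves a comment stating it is intended. The function begins above the hunk, so how `key_path` is obtained is not visible here.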