Commit 21b16280 authored by ale's avatar ale

Fix CRL generation with older OpenSSL versions

The 'digest' argument to OpenSSL.crypto.CRL.export has only been added
in recent versions.
parent a03b822c
import OpenSSL
from OpenSSL import crypto
import logging
import os
......@@ -9,6 +10,12 @@ from autoca import certutil
log = logging.getLogger(__name__)
crl_export_args = {
'digest': 'sha256',
}
if OpenSSL.__version__.startswith('0.'):
crl_export_args = {}
class CA(object):
"""A Certification Authority stored on the local filesystem."""
......@@ -134,7 +141,7 @@ class CA(object):
crl.add_revoked(revoked)
self.storage.set_crl(
crl.export(self.ca_crt, self.ca_key, crypto.FILETYPE_PEM, 30,
digest='sha256'))
**crl_export_args))
self._load_crl()
def _load_crl(self):
......@@ -144,7 +151,7 @@ class CA(object):
crl = crypto.CRL()
self.crl_data_pem = crl.export(self.ca_crt, self.ca_key,
crypto.FILETYPE_PEM, 30,
digest='sha256')
**crl_export_args)
self.storage.set_crl(self.crl_data_pem)
# Re-read the CRL data in DER and PEM formats.
......
autoca (0.3.2) unstable; urgency=low
* Fix CRL generation with older OpenSSL versions.
-- Autistici/Inventati <debian@autistici.org> Sat, 2 Sep 2017 05:40:32 +0000
autoca (0.3.1) unstable; urgency=low
* Added command to update the CRL.
......
......@@ -4,7 +4,7 @@ from setuptools import setup, find_packages
setup(
name="autoca",
version="0.3.1",
version="0.3.2",
description="Automated CA management.",
author="Ale",
author_email="ale@incal.net",
......
......@@ -4,8 +4,8 @@ deps=
coverage
mox
commands=
nosetests \
--with-coverage --cover-package=autoca,autovpn --cover-erase --cover-html --cover-html-dir=htmlcov \
nosetests -v \
--with-coverage --cover-package=autoca --cover-erase --cover-html --cover-html-dir=htmlcov \
--with-xunit \
[] # substitute with tox' positional arguments
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment