Skip to content

Commit

Permalink
Merge pull request #60 from NethServer/sdl-6937-fix
Browse files Browse the repository at this point in the history 
Compare md5 of public keys for certificate validation NethServer/dev#6937
  • Loading branch information
@stephdl
stephdl authored May 30, 2024
2 parents 086c4d8 + e78b125 commit 44b482f
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions imageroot/actions/upload-certificate/21validate_certificates
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,10 +41,12 @@ if ! openssl x509 -text -noout -in $CERT_FILE >/dev/null 2>&1; then
exit 4
fi

# check if cert is provided by key
cert_hash="$(openssl x509 -noout -modulus -in $CERT_FILE | openssl md5)"
key_hash="$(openssl $TYPE_KEY -noout -modulus -in $KEY_FILE | openssl md5)"
if [ "$cert_hash" != "$key_hash" ]; then
# check if cert is provided by key (we compare md5 of public keys)
cert_public_key="$(openssl x509 -noout -pubkey -in $CERT_FILE | openssl md5)"
key_public_key="$(openssl pkey -pubout -in $KEY_FILE | openssl md5)"


if [ "$cert_public_key" != "$key_public_key" ]; then
echo "Key didn't generate certificate."
del_certs
exit 3
Expand Down

0 comments on commit 44b482f

Please sign in to comment.