author | Magnus Ahltorp <map@kth.se> | 2015-08-05 00:12:50 +0200 |
committer | Magnus Ahltorp <map@kth.se> | 2015-08-05 00:16:07 +0200 |
commit | 7f4f3e0cf8e6a8ec996fd179aba92c63ef9b0236 (patch) | |
tree | c5191c421f63621a206518673d1a3b9d631b0021 | |
parent | 88c9e77bd30d723a02e4cc43ee39be9259f08033 (diff) |
Fix precert storage bug (CATLFISH-56).
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | src/catlfish.erl | 28 |
2 files changed, 20 insertions, 10 deletions
@@ -90,6 +90,8 @@ tests-run:
 @(cd $(INSTDIR) && python ../tools/merge.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
 @diff -r -x nursery -x verifiedsize catlfish/tests/mergedb catlfish/tests/mergedb-secondary || (echo "Merge databases not matching" ; false)
 @(cd $(INSTDIR) && python ../tools/check-sth.py --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem https://localhost:8080/) || (echo "Check failed" ; false)
+ @(cd $(INSTDIR) && mkdir fetchcertstore)
+ @(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --store fetchcertstore --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false)
 
 tests-run2:
 @(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"
diff --git a/src/catlfish.erl b/src/catlfish.erl
index e48f788..c6e16bb 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -126,17 +126,22 @@ add_to_db(Type, LeafCert, CertChain, EntryHash) ->
 
     MTLHash = ht:leaf_hash(MTLText),
     ExtraData = case Type of
-                    normal -> CertChain;
-                    precert -> [LeafCert | CertChain]
+                    normal -> encode_tls_vector(
+                                list_to_binary(
+                                  [encode_tls_vector(C, 3) || C <- CertChain]),
+                                3);
+                    precert ->
+                        list_to_binary(
+                          [encode_tls_vector(LeafCert, 3),
+                           encode_tls_vector(
+                             list_to_binary(
+                               [encode_tls_vector(C, 3) || C <- CertChain]), 3)])
                 end,
     LogEntry = list_to_binary(
                  [encode_tls_vector(MTLText, 4),
                   encode_tls_vector(
-                    encode_tls_vector(
-                      list_to_binary(
-                        [encode_tls_vector(C, 3) || C <- ExtraData]),
-                      3),
+                    ExtraData,
                     4)]),
     ok = plop:add(LogEntry, MTLHash, EntryHash),
     {TSE, MTLHash}.
 
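Review bot: The added `mkdir fetchcertstore` (first `+` line) has no `-p` and no matching cleanup, so a second `make tests-run` against the same `$(INSTDIR)` fails at mkdir before fetchallcerts.py ever runs. Either `@(cd $(INSTDIR) && mkdir -p fetchcertstore)` or remove the directory in whatever target prepares `$(INSTDIR)` for a run. The `|| (echo "Verification failed" ; false)` guard on the fetch line matches the surrounding recipes. The `tests-run` recipe begins before this hunk.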
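Review bot: The chain encoding `encode_tls_vector(list_to_binary([encode_tls_vector(C, 3) || C <- CertChain]), 3)` is now written out twice, once per `Type` branch, so a later change to the chain layout has two places to go wrong; factoring it into a small helper keeps the two RFC 6962 layouts (X509ChainEntry and PrecertChainEntry) readable and gives a natural place to document the 3-byte length fields. It is also worth confirming that `encode_tls_vector/2` (outside this hunk) rejects a payload longer than its length field can represent, since an oversized chain would otherwise produce a malformed stored entry instead of an error. `add_to_db/4` begins before the hunk.
```erlang
    ExtraData = case Type of
                    normal -> encode_chain(CertChain);
                    precert ->
                        list_to_binary([encode_tls_vector(LeafCert, 3),
                                        encode_chain(CertChain)])
                end,
%% … unchanged: LogEntry construction, plop:add, return value …

%% Encode a certificate chain as a 3-byte-length TLS vector of
%% 3-byte-length ASN.1Cert vectors (RFC 6962, section 3.1).
encode_chain(CertChain) ->
    encode_tls_vector(
      list_to_binary([encode_tls_vector(C, 3) || C <- CertChain]), 3).
```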
@@ -261,20 +266,23 @@ deserialise_extra_data(ExtraData) ->
 
 chain_from_mtl_extradata(MTL, ExtraData) ->
     TimestampedEntry = MTL#mtl.entry,
-    Chain = deserialise_extra_data(ExtraData),
     case TimestampedEntry#timestamped_entry.entry_type of
         x509_entry ->
+            {CHN, <<>>} = decode_tls_vector(ExtraData, 3),
+            Chain = deserialise_extra_data(CHN),
             SignedEntry = TimestampedEntry#timestamped_entry.signed_entry,
             [SignedEntry#signed_x509_entry.asn1_cert | Chain];
         precert_entry ->
-            Chain
+            {EEC, Rest} = decode_tls_vector(ExtraData, 3),
+            {CHN, <<>>} = decode_tls_vector(Rest, 3),
+            Chain = deserialise_extra_data(CHN),
+            [EEC | Chain]
     end.
 
 mtl_and_extra_from_entry(Entry) ->
     {MTLText, ExtraDataPacked} = unpack_entry(Entry),
-    {ExtraData, <<>>} = decode_tls_vector(ExtraDataPacked, 3),
     MTL = deserialise_mtl(MTLText),
-    {MTL, ExtraData}.
+    {MTL, ExtraDataPacked}.
 
 verify_mtl(MTL, LeafCert, CertChain) ->
     Timestamp = MTL#mtl.entry#timestamped_entry.timestamp, |
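Review bot: `chain_from_mtl_extradata/2` now assumes every stored entry uses the new layout, but precert entries written by the previous `add_to_db/4` were a single flat 3-byte vector of certificates, so on an existing database the precert branch's `{EEC, Rest} = decode_tls_vector(ExtraData, 3)` consumes the whole vector as `EEC` and the following `{CHN, <<>>} = decode_tls_vector(Rest, 3)` is applied to `<<>>` — presumably a badmatch or function_clause for every pre-fix precert entry. If databases from before this change must stay readable, a migration or a version marker on the extra data is needed; if not, a comment at the precert branch such as `%% Layout per RFC 6962 PrecertChainEntry; precert entries stored before CATLFISH-56 used a flat chain vector and are not decodable here.` would spare the next reader the surprise. `mtl_and_extra_from_entry/1` now returns the packed bytes, so any other caller of it that expected the unwrapped vector (none visible in this hunk) would also need updating.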