authorMagnus Ahltorp <map@kth.se>2015-08-05 00:12:50 +0200
committerMagnus Ahltorp <map@kth.se>2015-08-05 00:16:07 +0200
commit7f4f3e0cf8e6a8ec996fd179aba92c63ef9b0236 (patch)
treec5191c421f63621a206518673d1a3b9d631b0021
parent88c9e77bd30d723a02e4cc43ee39be9259f08033 (diff)
Fix precert storage bug (CATLFISH-56).
-rw-r--r--Makefile2
-rw-r--r--src/catlfish.erl28
2 files changed, 20 insertions, 10 deletions
diff --git a/Makefile b/Makefile
index 4762424..f7f27a9 100644
--- a/Makefile
+++ b/Makefile
@@ -90,6 +90,8 @@ tests-run:
@(cd $(INSTDIR) && python ../tools/merge.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
@diff -r -x nursery -x verifiedsize catlfish/tests/mergedb catlfish/tests/mergedb-secondary || (echo "Merge databases not matching" ; false)
@(cd $(INSTDIR) && python ../tools/check-sth.py --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem https://localhost:8080/) || (echo "Check failed" ; false)
+ @(cd $(INSTDIR) && mkdir fetchcertstore)
+ @(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --store fetchcertstore --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false)
tests-run2:
@(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"
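Review bot: The new `mkdir fetchcertstore` step in tests-run aborts the target on any second run, because mkdir fails with a non-zero status when the directory already exists from a previous run. Either create it idempotently, `@(cd $(INSTDIR) && mkdir -p fetchcertstore)`, or, if a clean store is required for the verification to be meaningful, remove it first with `rm -rf fetchcertstore && mkdir fetchcertstore`. The added fetchallcerts.py step also reports "Verification failed" on error, the same message tests-run2 uses for verifysct.py; a distinct message such as "Fetching and verifying all certificates failed" would make test output easier to attribute.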
diff --git a/src/catlfish.erl b/src/catlfish.erl
index e48f788..c6e16bb 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -126,17 +126,22 @@ add_to_db(Type, LeafCert, CertChain, EntryHash) ->
MTLHash = ht:leaf_hash(MTLText),
ExtraData =
case Type of
- normal -> CertChain;
- precert -> [LeafCert | CertChain]
+ normal -> encode_tls_vector(
+ list_to_binary(
+ [encode_tls_vector(C, 3) || C <- CertChain]),
+ 3);
+ precert ->
+ list_to_binary(
+ [encode_tls_vector(LeafCert, 3),
+ encode_tls_vector(
+ list_to_binary(
+ [encode_tls_vector(C, 3) || C <- CertChain]), 3)])
end,
LogEntry =
list_to_binary(
[encode_tls_vector(MTLText, 4),
encode_tls_vector(
- encode_tls_vector(
- list_to_binary(
- [encode_tls_vector(C, 3) || C <- ExtraData]),
- 3),
+ ExtraData,
4)]),
ok = plop:add(LogEntry, MTLHash, EntryHash),
{TSE, MTLHash}.
@@ -261,20 +266,23 @@ deserialise_extra_data(ExtraData) ->
chain_from_mtl_extradata(MTL, ExtraData) ->
TimestampedEntry = MTL#mtl.entry,
- Chain = deserialise_extra_data(ExtraData),
case TimestampedEntry#timestamped_entry.entry_type of
x509_entry ->
+ {CHN, <<>>} = decode_tls_vector(ExtraData, 3),
+ Chain = deserialise_extra_data(CHN),
SignedEntry = TimestampedEntry#timestamped_entry.signed_entry,
[SignedEntry#signed_x509_entry.asn1_cert | Chain];
precert_entry ->
- Chain
+ {EEC, Rest} = decode_tls_vector(ExtraData, 3),
+ {CHN, <<>>} = decode_tls_vector(Rest, 3),
+ Chain = deserialise_extra_data(CHN),
+ [EEC | Chain]
end.
mtl_and_extra_from_entry(Entry) ->
{MTLText, ExtraDataPacked} = unpack_entry(Entry),
- {ExtraData, <<>>} = decode_tls_vector(ExtraDataPacked, 3),
MTL = deserialise_mtl(MTLText),
- {MTL, ExtraData}.
+ {MTL, ExtraDataPacked}.
verify_mtl(MTL, LeafCert, CertChain) ->
Timestamp = MTL#mtl.entry#timestamped_entry.timestamp,
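Review bot: The new precert layout in add_to_db (leaf vector followed by a chain vector) is not backward compatible with precert entries already stored in the old layout (a single chain vector with the leaf as its first element), and neither hunk adds a migration or a fallback in chain_from_mtl_extradata; on an old entry `{EEC, Rest} = decode_tls_vector(ExtraData, 3)` would consume the whole old vector as the leaf and the following `{CHN, <<>>} = decode_tls_vector(Rest, 3)` would fail with badmatch on an empty binary. If existing databases can contain precert entries, that case needs either a one-off re-encoding or a documented statement that the log must be rebuilt; x509 entries appear unaffected, since their on-disk encoding is the same before and after this change. Separately, the chain encoding expression `encode_tls_vector(list_to_binary([encode_tls_vector(C, 3) || C <- CertChain]), 3)` now appears twice in add_to_db; a small helper `encode_chain(CertChain) -> encode_tls_vector(list_to_binary([encode_tls_vector(C, 3) || C <- CertChain]), 3).` would keep the two branches from drifting apart. The second hunk's enclosing function chain_from_mtl_extradata starts inside the hunk, but verify_mtl continues past its end.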