PEM file with multiple certificates #736
@levi-blodgett could you test this PR with your firmware?
@m-1-k-3 Sorry for the late response, didn't see this for a while. It seems to grab the cert files and some of the certs inside of the .pem files but doesn't parse the certs for the expiration dates properly, it still shows just the date of the first cert and formats off of that. Additionally, I am not confident it is parsing all certs inside of a file, mainly because after I made the bug report I found out there are also .crt files that can hold >1 cert, maybe this fork should be updated to just use the Two things to note about the output when using
I created a fork that works and will show each cert properly with their expiration dates, add the first 5 hexadecimal values from the signature, but the code is much more complex and less elegant than this solution as I didn't know that The fork is at: The two changed files on my fork are: These are the screenshots of the results of each run, using this fork and then on my fork: Please let me know if I can assist further, thanks.
@levi-blodgett Thank you for your detailed reply! I will look into it.
@HoxhaEndri drafted it, so you can finish the work before reviewing it again.
@levi-blodgett I used openssl storeutl and kept its formatting, because I do not find it bad that each nested certificate gets an index. For the signature, I just keep the first line and, exactly as you did, I check the certificates that could expire within 2 years; however, I do not know which time period would be the best to use. Now it should work as expected.
@levi-blodgett and @HoxhaEndri looks really good. Thank you for your contribution.
What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
All the certificates inside a single PEM file will be added to "$CERT_LOG", not just the first one.
openssl storeutl is the command doing the magic: https://www.openssl.org/docs/man1.1.1/man1/openssl-storeutl.html.
What is the current behavior? (You can also link to an open issue here)
Just the first certificate of a PEM file gets stored.
What is the new behavior (if this is a feature change)? If possible add a screenshot.
All certificates are stored.
Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)
Other information:
fixes S60 Module - .pem files not getting iterated through for cert check #708
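
The per-certificate iteration this PR is about, as an added example that is not code from the PR or from EMBA: it splits the bundle with awk and runs `openssl x509` on each block instead of using `openssl storeutl`, and flags certificates that expire within the two-year window mentioned in the thread. The function names and the `index|notAfter|status` output format are assumptions.

```shell
# Added example, not EMBA code. Function names are hypothetical.
# `openssl x509 -in bundle.pem` parses only the first certificate in a file,
# so the bundle is split and every certificate is checked on its own.

# Write each certificate of a bundle to OUTDIR/cert_NNN.pem (OUTDIR must exist)
# and print how many were found.
split_pem_bundle() {
  local bundle="$1" outdir="$2"
  awk -v dir="$outdir" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert_%03d.pem", dir, n); inside = 1 }
    inside { print > out }
    /-----END CERTIFICATE-----/ { inside = 0; close(out) }
    END { print n + 0 }
  ' "$bundle"
}

# Print "index|notAfter|status" for every certificate in the bundle.
# status is expired, expiring (within WINDOW_DAYS, default 730) or ok.
report_bundle_expiry() {
  local bundle="$1" window_days="${2:-730}" tmp cert idx=0 end status
  tmp="$(mktemp -d)" || return 1
  split_pem_bundle "$bundle" "$tmp" > /dev/null
  for cert in "$tmp"/cert_*.pem; do
    [ -e "$cert" ] || break   # the file held no certificate blocks
    idx=$((idx + 1))
    # A block openssl cannot parse is reported and skipped, so one damaged
    # entry does not hide the certificates that follow it.
    end="$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null)" || {
      echo "${idx}|unparseable|error"
      continue
    }
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 > /dev/null; then
      status="expired"
    elif ! openssl x509 -in "$cert" -noout -checkend $((window_days * 86400)) > /dev/null; then
      status="expiring"
    else
      status="ok"
    fi
    echo "${idx}|${end#notAfter=}|${status}"
  done
  rm -rf "$tmp"
}
```

The same functions work on `.crt` files that hold more than one PEM block, since only the `BEGIN`/`END CERTIFICATE` markers are used to find entries.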