[Rt-commit] rt branch, 4.4/support-openssl-crl-check, updated. rt-4.4.4-161-g45f8a9d922

Dianne Skoll dianne at bestpractical.com
Tue Nov 10 13:36:40 EST 2020 

The branch, 4.4/support-openssl-crl-check has been updated
       via  45f8a9d92221a0445fe4887ba86c23e5f30a23cd (commit)
      from  682a5f3c2219342f1cccd72750dd2f566b25d9b2 (commit)

Summary of changes:
 lib/RT/Crypt/SMIME.pm   | 5 +++--
 t/crypt/smime/revoked.t | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)

- Log -----------------------------------------------------------------
commit 45f8a9d92221a0445fe4887ba86c23e5f30a23cd
Author: Dianne Skoll <dianne at skoll.ca>
Date:   Tue Nov 10 13:36:07 2020 -0500

    Add ' (revoked certificate)' to TrustTerse for revoked certs.

diff --git a/lib/RT/Crypt/SMIME.pm b/lib/RT/Crypt/SMIME.pm
index 236bd51b93..9521e39c80 100644
--- a/lib/RT/Crypt/SMIME.pm
+++ b/lib/RT/Crypt/SMIME.pm
@@ -1060,10 +1060,11 @@ sub RunOpenSSLVerify
         } elsif ($? == 0 or ($? >> 8) == 2) {
             if ($res->{stderr} =~ /certificate revoked/i) {
                 $res->{info}[0]{Trust} = "REVOKED certificate from CA $res->{info}[0]{Issuer}[0]{String}";
+                $res->{info}[0]{TrustTerse} = "none (revoked certificate)";
             } else {
                 $res->{info}[0]{Trust} = "UNTRUSTED signing CA $res->{info}[0]{Issuer}[0]{String}";
+                $res->{info}[0]{TrustTerse} = "none";
             }
-            $res->{info}[0]{TrustTerse} = "none";
             $res->{info}[0]{TrustLevel} = -1;
             $res->{exit_code} = $?;
         } else {
@@ -1161,7 +1162,7 @@ sub CheckRevocationUsingOCSP
 
     if ($out =~ /^-: revoked/) {
         $res->{info}[0]{Trust} = "REVOKED certificate checked against OCSP URI $ocsp_url";
-        $res->{info}[0]{TrustTerse} = "none";
+        $res->{info}[0]{TrustTerse} = "none (revoked certificate)";
         $res->{info}[0]{TrustLevel} = -1;
         $res->{exit_code} = 0;
         return 1;
diff --git a/t/crypt/smime/revoked.t b/t/crypt/smime/revoked.t
index 682a13825f..e88004c61a 100644
--- a/t/crypt/smime/revoked.t
+++ b/t/crypt/smime/revoked.t
@@ -36,6 +36,7 @@ my $crt;
 my %res;
 %res = RT::Crypt::SMIME->GetCertificateInfo(Certificate => $crt);
 is ($res{info}[0]{Trust}, 'REVOKED certificate checked against OCSP URI http://ocsp.digicert.com', 'Trust info indicates revoked certificate using OCSP');
+is ($res{info}[0]{TrustTerse}, 'none (revoked certificate)', 'TrustTerse indicates revoked certificate');
 
 # Now pretend we couldn't use OCSP
 {
@@ -43,6 +44,7 @@ is ($res{info}[0]{Trust}, 'REVOKED certificate checked against OCSP URI http://o
     *RT::Crypt::SMIME::CheckRevocationUsingOCSP = sub { return undef; };
     %res = RT::Crypt::SMIME->GetCertificateInfo(Certificate => $crt);
     is ($res{info}[0]{Trust}, 'REVOKED certificate from CA DigiCert SHA2 Secure Server CA', 'Trust info indicates revoked certificate using CRL');
+    is ($res{info}[0]{TrustTerse}, 'none (revoked certificate)', 'TrustTerse indicates revoked certificate');
 }
 
 done_testing;

-----------------------------------------------------------------------

More information about the rt-commit mailing list