0.3.0-alpha2: fix edge case where trifid would issue certs that outlive the CA sometimes
parent
51bb540ab4
commit
0b807b351d
|
@ -3135,7 +3135,7 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "trifid-api"
|
name = "trifid-api"
|
||||||
version = "0.3.0-alpha1"
|
version = "0.3.0-alpha2"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"actix-cors",
|
"actix-cors",
|
||||||
"actix-web",
|
"actix-web",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "trifid-api"
|
name = "trifid-api"
|
||||||
version = "0.3.0-alpha1"
|
version = "0.3.0-alpha2"
|
||||||
authors = ["core <core@e3t.cc>"]
|
authors = ["core <core@e3t.cc>"]
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
description = "An open-source reimplementation of the Defined Networking API server"
|
description = "An open-source reimplementation of the Defined Networking API server"
|
||||||
|
|
|
@ -4,9 +4,9 @@
|
||||||
// Review carefully what you write here!
|
// Review carefully what you write here!
|
||||||
|
|
||||||
use crate::crypt::sign_cert_with_ca;
|
use crate::crypt::sign_cert_with_ca;
|
||||||
use crate::models::{Host, HostKey, HostOverride, Network, Role, RoleFirewallRule, SigningCA};
|
use crate::models::{Host, HostKey, HostOverride, Network, RoleFirewallRule, SigningCA};
|
||||||
use crate::schema::{
|
use crate::schema::{
|
||||||
host_keys, host_overrides, hosts, networks, role_firewall_rules, roles, signing_cas,
|
host_keys, host_overrides, hosts, networks, role_firewall_rules, signing_cas,
|
||||||
};
|
};
|
||||||
use crate::AppState;
|
use crate::AppState;
|
||||||
use actix_web::web::Data;
|
use actix_web::web::Data;
|
||||||
|
@ -109,6 +109,15 @@ pub async fn generate_config(
|
||||||
signature: vec![],
|
signature: vec![],
|
||||||
};
|
};
|
||||||
|
|
||||||
|
let ca_cert: NebulaCertificate = serde_json::from_value(signing_ca.cert.clone()).unwrap();
|
||||||
|
|
||||||
|
if cert.details.not_before < ca_cert.details.not_before {
|
||||||
|
cert.details.not_before = ca_cert.details.not_before;
|
||||||
|
}
|
||||||
|
if cert.details.not_after > ca_cert.details.not_after {
|
||||||
|
cert.details.not_after = ca_cert.details.not_after;
|
||||||
|
}
|
||||||
|
|
||||||
sign_cert_with_ca(signing_ca, &mut cert, &state.config).unwrap();
|
sign_cert_with_ca(signing_ca, &mut cert, &state.config).unwrap();
|
||||||
|
|
||||||
let all_blocked_hosts = hosts::dsl::hosts
|
let all_blocked_hosts = hosts::dsl::hosts
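Review bot: After the two clamps that precede `sign_cert_with_ca`, nothing checks that the validity window is still non-empty. If the CA has already expired, or the host certificate's `not_before` lies after the CA's `not_after`, the clamped certificate ends up with `not_after` at or before `not_before` and is signed anyway. A guard such as `if cert.details.not_after <= cert.details.not_before { /* return the handler's error instead of signing */ }` would refuse to issue it, and a log line whenever a clamp shortens the lifetime would tell operators the CA is due for rotation. The new `serde_json::from_value(signing_ca.cert.clone()).unwrap()` also panics inside the request handler if the stored CA record does not deserialize. Propagating the error would be safer, though the return type of `generate_config` is outside this hunk.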
|
||||||
|
|