Skip to content

Commit

Permalink
Improve validation for adding CSR to system's trusted store (#15242)
Browse files Browse the repository at this point in the history
This commit improves validation where we make sure a CSR cannot be added to system's trusted store as that does not actually materialize.
  • Loading branch information
sonicaj authored Dec 21, 2024
1 parent 23510bc commit 182c0bc
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/middlewared/middlewared/plugins/crypto_/certificates.py
Original file line number Diff line number Diff line change
Expand Up @@ -623,7 +623,12 @@ async def do_update(self, job, id_, data):
'certificate_update.revoked',
'A CSR cannot be marked as revoked.'
)
elif new['revoked'] and not old['revoked'] and not new['can_be_revoked']:
if new['add_to_trusted_store'] and new['cert_type_CSR']:
verrors.add(
'certificate_update.add_to_trusted_store',
'A CSR cannot be added to the system\'s trusted store'
)
if new['revoked'] and not old['revoked'] and not new['can_be_revoked']:
verrors.add(
'certificate_update.revoked',
'Only certificate(s) can be revoked which have a CA present on the system'
Expand Down

0 comments on commit 182c0bc

Please sign in to comment.