jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

lint

Browse Source
This commit is contained in:
Girish Ramakrishnan
2017-11-27 10:39:42 -08:00
parent 172d5bbdff
commit b6c20877ea
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/certificates.js
+3 -3
View File
@@ -286,9 +286,9 @@ function validateCertificate(cert, key, fqdn) {
// if no match, check alt names // if no match, check alt names
if (result.indexOf('does match certificate') === -1) { if (result.indexOf('does match certificate') === -1) {
// https://github.com/drwetter/testssl.sh/pull/383 // https://github.com/drwetter/testssl.sh/pull/383
var cmd = `openssl x509 -noout -text | grep -A3 "Subject Alternative Name" | \ var cmd = 'openssl x509 -noout -text | grep -A3 "Subject Alternative Name" | \
grep "DNS:" | \ grep "DNS:" | \
sed -e "s/DNS://g" -e "s/ //g" -e "s/,/ /g" -e "s/othername:<unsupported>//g"`; sed -e "s/DNS://g" -e "s/ //g" -e "s/,/ /g" -e "s/othername:<unsupported>//g"';
result = safe.child_process.execSync(cmd, { encoding: 'utf8', input: cert }); result = safe.child_process.execSync(cmd, { encoding: 'utf8', input: cert });
var altNames = result ? [ ] : result.trim().split(' '); // might fail if cert has no SAN var altNames = result ? [ ] : result.trim().split(' '); // might fail if cert has no SAN
debug('validateCertificate: detected altNames as %j', altNames); debug('validateCertificate: detected altNames as %j', altNames);
@@ -302,7 +302,7 @@ function validateCertificate(cert, key, fqdn) {
var keyModulus = safe.child_process.execSync('openssl rsa -noout -modulus', { encoding: 'utf8', input: key }); var keyModulus = safe.child_process.execSync('openssl rsa -noout -modulus', { encoding: 'utf8', input: key });
if (certModulus !== keyModulus) return new Error('Key does not match the certificate.'); if (certModulus !== keyModulus) return new Error('Key does not match the certificate.');
// check expiration // check expiration
result = safe.child_process.execSync('openssl x509 -checkend 0', { encoding: 'utf8', input: cert }); result = safe.child_process.execSync('openssl x509 -checkend 0', { encoding: 'utf8', input: cert });
if (!result) return new Error('Certificate is expired.'); if (!result) return new Error('Certificate is expired.');