upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-06-13 10:40:10 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

add two notes

Browse source
This commit is contained in:
Seth Schoen 2012-06-01 00:05:10 -07:00
parent 4e93c24e49
commit 1b6ffaecc2
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
webserver/CSR.py
View file

@ -79,6 +79,9 @@ def can_sign(name):
def verify(key, data):
"""What string was validly signed by this public key? (or None)"""
# Note: Only relatively short strings will work, so we normally
# sign a hash of the signed data rather than signing the signed
# data directly.
with tempfile.NamedTemporaryFile() as tmp:
tmp.write(key)
tmp.flush()
@ -99,4 +102,7 @@ def sign(key, data):
def issue(csr):
"""Issue the certificate requested by this CSR and return it!"""
# TODO: a real CA should severely restrict the content of the cert, not
# just grant what's asked for. (For example, the CA shouldn't trust
# all the data in the subject field if it hasn't been validated.)
return "-----BEGIN CERTIFICATE-----\nThanks for the shrubbery!\n-----END CERTIFICATE-----"