diff options
| author | Carl Hetherington <cth@carlh.net> | 2016-08-25 14:42:37 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2016-08-25 14:42:37 +0100 |
| commit | bb7917d2ea06e6eaa566b00a279e9b5a6a351fc9 (patch) | |
| tree | 8354e0b83aa707c7ef8a50d6609e07787ec61554 | |
| parent | e2d0781d45fccd67649a8943f1fb45442f5d2cbc (diff) | |
Take the leaf of a certificate chain if one is provided
for a screen certificate (#937).
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | cscript | 2 | ||||
| -rw-r--r-- | src/wx/config_dialog.cc | 5 | ||||
| -rw-r--r-- | src/wx/screen_dialog.cc | 5 |
4 files changed, 13 insertions, 4 deletions
@@ -1,3 +1,8 @@ +2016-08-25 c.hetherington <cth@carlh.net> + + * Fix silent acceptance of certificate chains where + single certificates are required (#937). + 2016-08-25 Carl Hetherington <cth@carlh.net> * Updated nl_NL translation from Rob van Nieuwkerk. @@ -237,7 +237,7 @@ def dependencies(target): ffmpeg_options = {} return (('ffmpeg-cdist', '1d4a1a4', ffmpeg_options), - ('libdcp', '04def4c'), + ('libdcp', 'ac6df08'), ('libsub', '067c21c')) def configure_options(target): diff --git a/src/wx/config_dialog.cc b/src/wx/config_dialog.cc index ac5d90296..0369070a7 100644 --- a/src/wx/config_dialog.cc +++ b/src/wx/config_dialog.cc @@ -773,8 +773,9 @@ private: if (d->ShowModal() == wxID_OK) { try { - dcp::Certificate c (dcp::file_to_string (wx_to_std (d->GetPath ()))); - if (c.extra_data ()) { + dcp::Certificate c; + string const extra = c.read_string (dcp::file_to_string (wx_to_std (d->GetPath ()))); + if (!extra.empty ()) { message_dialog ( this, _("This file contains other certificates (or other data) after its first certificate. " diff --git a/src/wx/screen_dialog.cc b/src/wx/screen_dialog.cc index e01b98962..0ecf223e6 100644 --- a/src/wx/screen_dialog.cc +++ b/src/wx/screen_dialog.cc @@ -25,6 +25,7 @@ #include "lib/compose.hpp" #include "lib/util.h" #include <dcp/exceptions.h> +#include <dcp/certificate_chain.h> #include <wx/filepicker.h> #include <wx/validate.h> #include <iostream> @@ -151,7 +152,9 @@ void ScreenDialog::load_recipient (boost::filesystem::path file) { try { - set_recipient (dcp::Certificate (dcp::file_to_string (file))); + /* Load this as a chain, in case it is one, and then pick the leaf certificate */ + dcp::CertificateChain c (dcp::file_to_string (file)); + set_recipient (c.leaf ()); } catch (dcp::MiscError& e) { error_dialog (this, wxString::Format (_("Could not read certificate file (%s)"), std_to_wx(e.what()).data())); } |