Commit 47acf71f authored by Vincent Pelletier's avatar Vincent Pelletier

client: Fix CRL updating.

CRL object comparison does not check the list of revoked certificates.
Instead, compare signatures as they are supposed to be all-inclusive.
parent 9e88ff13
...@@ -109,7 +109,7 @@ def updateCRLFile(url, crl_path, ca_list): ...@@ -109,7 +109,7 @@ def updateCRLFile(url, crl_path, ca_list):
ca_url=url, ca_url=url,
).getCertificateRevocationList() ).getCertificateRevocationList()
latest_crl = utils.load_crl(latest_crl_pem, ca_list) latest_crl = utils.load_crl(latest_crl_pem, ca_list)
if latest_crl != my_crl: if my_crl is None or latest_crl.signature != my_crl.signature:
with open(crl_path, 'w') as crl_file: with open(crl_path, 'w') as crl_file:
crl_file.write(latest_crl_pem) crl_file.write(latest_crl_pem)
return True return True
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment