admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adapt generate_sslroots.py to work with different openssl versions

Browse Source 
Command [1] on openssl 1.1.1m and newer generates output
containing "unsigned char the_(subject_name|public_key|certificate)"
records, making it incompatible with current version of the script
that relies on "unsigned char XXX_".

This patch handles both cases by using regular expression so as
to match strings and provide an adequate replacement.

[1] - openssl x509 -in <path-to-cacert.pem> -noout -C

Bug: webrtc:11710
Change-Id: I46b87d2980ec2dd26660b93fcf9019254950ce12
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/257420
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Reviewed-by: Christoffer Jansson <jansson@webrtc.org>
Commit-Queue: Christoffer Jansson <jansson@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#38173}
This commit is contained in:
Raman Budny 2022-04-01 10:18:32 +00:00 committed by WebRTC LUCI CQ
parent ef7359e679
commit 9790e546fc
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tools_webrtc/sslroots/generate_sslroots.py
View File

@ -147,19 +147,22 @@ def _CreateCertSection(root_dir, source_file, label, options):
command = 'openssl x509 -in %s%s -noout -C' % (root_dir, source_file)
_PrintOutput(command, options)
output = subprocess.getstatusoutput(command)[1]
renamed_output = output.replace('unsigned char XXX_',
'const unsigned char ' + label + '_')
decl_block = 'unsigned char .*_(%s|%s|%s)' %\
(_SUBJECT_NAME_ARRAY, _PUBLIC_KEY_ARRAY, _CERTIFICATE_ARRAY)
prog = re.compile(decl_block, re.IGNORECASE)
renamed_output = prog.sub('const unsigned char ' + label + r'_\1', output)
filtered_output = ''
cert_block = '^const unsigned char.*?};$'
prog = re.compile(cert_block, re.IGNORECASE | re.MULTILINE | re.DOTALL)
prog2 = re.compile(cert_block, re.IGNORECASE | re.MULTILINE | re.DOTALL)
if not options.full_cert:
filtered_output = prog.sub('', renamed_output, count=2)
filtered_output = prog2.sub('', renamed_output, count=2)
else:
filtered_output = renamed_output
cert_size_block = r'\d\d\d+'
prog2 = re.compile(cert_size_block, re.MULTILINE | re.VERBOSE)
result = prog2.findall(renamed_output)
prog3 = re.compile(cert_size_block, re.MULTILINE | re.VERBOSE)
result = prog3.findall(renamed_output)
cert_size = result[len(result) - 1]
return filtered_output, cert_size