Verified Commit 63a7ae41 authored by Karel Koci's avatar Karel Koci 🤘

Don't validate uri options when they are inserted to context

It makes little to no sense to validate extra arguments when they are
pushed to the sub-script context: if they were invalid, the target
script would already have failed. This is just a useless check that adds
complexity, and because it makes a table from any argument passed to it,
it discards uri.system_cas and uri.no_crl and creates a bugged system.
parent fbcf8327
......@@ -415,28 +415,14 @@ local allowed_script_extras = {
}
utils.table_merge(allowed_script_extras, allowed_extras_verification)
local function uri_validate(name, value, context)
if type(value) == 'string' then
value = {value}
end
if type(value) ~= 'table' then
error('bad value', name .. " must be string or table")
end
for _, u in ipairs(value) do
uri.parse(context, u)
end
end
--[[
We want to insert these options into the new context, if they exist.
The value may be a function, then it is used to validate the value
from the extra options.
]]
local script_insert_options = {
restrict = true,
pubkey = uri_validate,
ca = uri_validate,
crl = uri_validate,
pubkey = true,
ca = true,
crl = true,
ocsp = true
}
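Review bot: The block comment above `script_insert_options` appears to be kept as context and still says "The value may be a function, then it is used to validate the value from the extra options", which is no longer true once every entry is `true` and the function call is removed in the second hunk. Since these keys (`pubkey`, `ca`, `crl`, `ocsp`) decide how sub-scripts are verified, the comment should say where validation now happens. I would replace it with `We want to insert these options into the new context, if they exist. Values are copied as-is; they are validated when the URI that uses them is created.` The last clause is inferred from the commit message, so confirm it before committing the wording.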
......@@ -505,9 +491,6 @@ function script(result, context, filler, script_uri, extra)
local merge = {}
for name, check in pairs(script_insert_options) do
if extra[name] ~= nil then
if type(check) == 'function' then
check(name, extra[name], context)
end
merge[name] = utils.clone(extra[name])
end
end
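Review bot: After this change every `extra[name]` listed in `script_insert_options` is cloned into `merge` with no type or URI check, so the code that later consumes the sub-script context is the only guard for `pubkey`, `ca` and `crl`. It is worth confirming, ideally with a test, that a malformed value there raises an error instead of being skipped, because a silently ignored `ca` or `pubkey` would weaken verification of nested scripts. `utils.clone` is also applied to `uri.system_cas` and `uri.no_crl`; if those sentinels are tables compared by identity (not visible here), the clone would no longer match them. The loop variable `check` is now unused, so the header can become `for name in pairs(script_insert_options) do`. The body of `script()` starts and ends outside this hunk.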
......
......@@ -184,10 +184,10 @@ function test_https_cert()
local u2 = uri(context, "https://api.turris.cz/", {verification = "cert", ca = "file:///dev/null", ocsp = false})
-- We may specify the ca as a table of possibilities
local u3 = uri(context, "https://api.turris.cz/", {verification = "cert", ca = {"file:///dev/null", ca_file}, ocsp = false})
-- nil ca should result in failure as api has certificate not added to standard paths
local u4 = uri(context, "https://api.turris.cz/", {verification = "cert", ocsp = false})
-- nil ca should result in success on repo as it's signed by common authority
local u5 = uri(context, "https://repo.turris.cz/", {verification = "cert"})
-- system_cas should result in failure as api has certificate not added to standard paths
local u4 = uri(context, "https://api.turris.cz/", {verification = "cert", ca = uri.system_cas, ocsp = false})
-- systam_cas should result in success on repo as it's signed by common authority
local u5 = uri(context, "https://repo.turris.cz/", {verification = "cert", ca = uri.system_cas})
-- We can specify crl
local u6 = uri(context, "https://api.turris.cz/", {verification = "cert", ca = ca_file, crl = crl_file, ocsp = false})
local ok1 = u1:get()
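Review bot: The two cases that passed no `ca` at all with `verification = "cert"` appear to be replaced by the `ca = uri.system_cas` cases rather than kept alongside them, so the visible test no longer pins what the default does when `ca` is nil. For a certificate-verification option, the default deserves an explicit assertion of its own, so it cannot drift to a weaker behaviour unnoticed. I would keep one nil-`ca` request under a new name and assert its expected result. The comment `-- systam_cas should result in success on repo ...` also has a typo and should read `-- system_cas should result in success on repo as it's signed by common authority`. `test_https_cert()` continues outside the hunk.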
......