author | Rob Austein <sra@hactrn.net> | 2009-06-29 20:17:20 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2009-06-29 20:17:20 +0000 |
commit | 99121d4dac2b6a8f5a17ba72ea4950afede2d3c5 (patch) | |
tree | 3f82a009586a1f581b405cb9278d9e461816c788 /scripts/x509-dot.py | |
parent | 9eb1fa68077e1c572ee88cb260e61f2cb01f8d29 (diff) |
Try harder to detect self-signed certificates.
svn path=/scripts/x509-dot.py; revision=2551
Diffstat (limited to 'scripts/x509-dot.py')
-rw-r--r-- | scripts/x509-dot.py | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/scripts/x509-dot.py b/scripts/x509-dot.py
index 74977f51..06263e37 100644
--- a/scripts/x509-dot.py
+++ b/scripts/x509-dot.py
@@ -11,10 +11,10 @@ class x509(object):
 ski = None
 aki = None
- show_file = True
+ show_file = False
 show_ski = False
 show_aki = False
- show_issuer = False
+ show_issuer = True
 show_subject = True
 cn_only = True
@@ -93,9 +93,15 @@ class x509(object):
 for issuer in self.subjects.get(self.issuer, ()):
 if issuer is self:
+ print "# Issuer is self"
+ issuer = None
+
+ if issuer is not None and self.aki is not None and self.ski is not None and self.aki == self.ski:
+ print "# Self-signed"
 issuer = None
 if issuer is not None and self.aki is not None and issuer.ski is not None and self.aki != issuer.ski:
+ print "# AKI does not match issuer SKI"
 issuer = None
 if issuer is not None:
|
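Review bot: The new self-signed test in the second hunk (`self.aki == self.ski`) only fires when the certificate carries both extensions, so a self-signed certificate that omits the AKI (which RFC 5280 permits) skips both AKI checks and is still matched by name alone against any other certificate with the same subject. Both key identifiers are plain extension values and nothing in the visible code verifies a signature, so an edge in the graph means "names and key identifiers are consistent", not "this issuer signed that certificate"; a comment such as `# Heuristic only: AKI/SKI are unauthenticated extension values, no signature is verified` above the check would make that explicit. The condition depends on the loop variable only through `issuer is not None`, so it is re-evaluated and `# Self-signed` is printed once per same-name candidate; it could be tested once before the `for`. The loop body continues past the end of the hunk, so what is done with a surviving `issuer` is not visible here.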