google / certificate-transparency

Auditing for TLS certificates.
https://certificate.transparency.dev
Apache License 2.0

Invalid schema expectation in print_log_list #1473

Open yan-foto opened 4 years ago

yan-foto commented 4 years ago

OpenSSL 1.1 adds CT support, noting that the list of logs can be generated by the Python utilities provided here from the list of known logs provided by Certificate Transparency.

In openssl_generator.py, however, it is expected that this list is an object containing the key logs, whereas in reality this is an object with an array of operators each with its own logs key.

Before submitting a PR, I wanted to make sure that this is really a bug and not just a problem on my side.

yan-foto commented 3 years ago

Since it's been a long time and there's been no activity here, I thought I'd just post a quick solution here:

diff --git a/python/utilities/log_list/openssl_generator.py b/python/utilities/log_list/openssl_generator.py
index 23e83761..8446665b 100644
--- a/python/utilities/log_list/openssl_generator.py
+++ b/python/utilities/log_list/openssl_generator.py
@@ -36,7 +36,8 @@ def _log_conf(log):
 def generate_openssl_conf(json_log_list, output_path):
     '''Given a log list read from JSON, writes an OpenSSL log list to a file'''
     with open(output_path, "w") as output:
-        logs = json_log_list["logs"]
+        # Put all logs together regardless of operator
+        logs = reduce(lambda prev, cur: prev + cur["logs"], json_log_list["operators"], [])
         log_confs = (_log_conf(log) for log in logs)

         output.write(_enabled_logs_conf(logs) + "\n")
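
Review bot: the added line in generate_openssl_conf calls reduce, but this is the only hunk in the diff and it adds no import. On Python 3 reduce is not a builtin, so unless the file already has "from functools import reduce" the call raises NameError. A nested comprehension avoids the import and the repeated list concatenation: logs = [log for op in json_log_list["operators"] for log in op["logs"]]. Separately, replacing json_log_list["logs"] outright means an input in the older flat layout now fails with KeyError on "operators"; if both layouts should be accepted, check for the "operators" key first and fall back to the top-level "logs", or fail with a message naming the expected schema so that a malformed list is not silently turned into an empty or partial set of trusted logs.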