fix multi-step certificate chain bug in CRL check

2018-08-20 12:27:59 -04:00
parent fda3046832
commit c8bcde48ec
6 changed files with 187 additions and 1 deletions
--- a/atst/domain/authnid/crl/init.py
+++ b/atst/domain/authnid/crl/init.py
@@ -77,7 +77,7 @@ class CRLCache():
        store.add_cert(ca)
        self.log_info("STORE ID: {}. Adding CA with subject {}".format(id(store), ca.get_subject()))

-        if issuer == ca.get_subject():
+        if issuer == ca.get_issuer():
            # i.e., it is the root CA and we are at the end of the chain
            return store