From e5f198cf8b63e343b23a7258a66a558139ed1726 Mon Sep 17 00:00:00 2001
From: Yonas Habteab
Date: Mon, 13 May 2024 12:23:38 +0200
Subject: [PATCH] Fix `CheckCommand` misbehaviour with `self-signed` certs
---
 application/clicommands/CheckCommand.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/application/clicommands/CheckCommand.php b/application/clicommands/CheckCommand.php
index 0c369d9c..c7cdc2ae 100644
--- a/application/clicommands/CheckCommand.php
+++ b/application/clicommands/CheckCommand.php
@@ -93,7 +93,8 @@ public function hostAction()
 ->columns([new Expression('MAX(GREATEST(%s, %s))', ['valid_from', 'issuer_certificate.valid_from'])])
 ->getSelectBase()
 ->resetWhere()
- ->where(new Expression('sub_certificate_link.certificate_chain_id = target_chain.id'));
+ ->where(new Expression('sub_certificate_link.certificate_chain_id = target_chain.id'))
+ ->where(new Expression("sub_certificate.self_signed != 'y'"));
 // Sub query for `valid_to` column
 $validTo = $targets->createSubQuery(new X509Certificate(), 'chain.certificate');
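Review bot: The added `sub_certificate.self_signed != 'y'` condition removes every self-signed certificate in the chain from the `valid_from` sub query, not only a self-signed leaf, so a self-signed root CA that the host serves as part of its chain would apparently no longer influence the computed validity window; the same condition is added to the `valid_to` sub query in the next hunk. If that is intended, the check can stay quiet while a served root approaches expiry, which deserves a comment above the condition such as `// Self-signed certs (including a served root CA) are excluded; their validity dates do not affect the check result.` Please also confirm that `self_signed` can never be NULL, because `NULL != 'y'` is not true in SQL and such rows would be excluded as well. `hostAction()` starts and ends outside this hunk.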
@@ -102,16 +103,22 @@ public function hostAction()
 ->getSelectBase()
 // Reset the where clause generated within the createSubQuery() method.
 ->resetWhere()
- ->where(new Expression('sub_certificate_link.certificate_chain_id = target_chain.id'));
+ ->where(new Expression('sub_certificate_link.certificate_chain_id = target_chain.id'))
+ ->where(new Expression("sub_certificate.self_signed != 'y'"));
 list($validFromSelect, $_) = $validFrom->dump();
 list($validToSelect, $_) = $validTo->dump();
 $targets
 ->withColumns([
- 'valid_from' => new Expression($validFromSelect),
- 'valid_to' => new Expression($validToSelect)
+ 'valid_from' => new Expression(
+ sprintf('COALESCE((%s), target_chain_certificate.valid_from)', $validFromSelect)
+ ),
+ 'valid_to' => new Expression(
+ sprintf('COALESCE((%s), target_chain_certificate.valid_to)', $validToSelect)
+ )
 ])
 ->getSelectBase()
+ ->distinct()
 ->where(new Expression('target_chain_link.order = 0'));
 if ($ip !== null) {
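Review bot: Both `dump()` calls discard their second return value into `$_`, and the dumped SQL is now spliced into a larger expression with `sprintf`, so the sub queries only keep working while their conditions carry no bound values. Assuming that second element holds the bind values, any later parameterised `where()` on `$validFrom` or `$validTo` would lose its parameters without an error. The new condition inlines the constant `'y'`, which is fine here, but a comment before the `list(...)` lines would protect that invariant: `// dump() bind values are discarded: sub query conditions must use constant literals only, never request input.` Separately, `->distinct()` hides duplicate rows rather than removing the join that produces them, so a short comment naming the join that fans out would help the next reader. `hostAction()` continues outside this hunk.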