...

1 files changed, 8 insertions, 4 deletions

diff --git a/tools/ca/ca/__main__.py b/tools/ca/ca/__main__.py
index 118b3763..22dcaeed 100644
--- a/tools/ca/ca/__main__.py
+++ b/tools/ca/ca/__main__.py
@@ -12,6 +12,7 @@ from cryptography import __version__ as cryptography_version
 from cryptography.hazmat.backends import openssl
 from cryptography import x509
 from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID, ExtensionOID
+from cryptography.x509.extensions import ExtensionNotFound
 from cryptography.hazmat.primitives import serialization, hashes
 from cryptography.hazmat.primitives.serialization import PrivateFormat, pkcs12
 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
@@ -352,10 +353,13 @@ def signcsr(ca_cert, ca_key, clock_skew, validity, subject, alternative_name, ke
     ])
 
     if not ignore_alternative_names:
-        ext = csr.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
-        csr_alt_names = ext.value.get_values_for_type(x509.DNSName)
-        logger.warn('Using alternative names from csr: %s', csr_alt_names)
-        alternative_name = list(set(alternative_name) | set(csr_alt_names))
+        try:
+            ext = csr.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+            csr_alt_names = ext.value.get_values_for_type(x509.DNSName)
+            logger.warn('Using alternative names from csr: %s', csr_alt_names)
+            alternative_name = list(set(alternative_name) | set(csr_alt_names))
+        except ExtensionNotFound:
+            pass
 
     ca_key = load_key(ca_key)
     with open(ca_cert, 'rb') as fh: