authorGregor Kleen <gkleen@yggdrasil.li>2022-11-14 20:37:23 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-11-14 20:37:23 +0100
commitb8f79b6690441cbe53c07dfd440f3330c886dc0d (patch)
tree4731b7e01f39cd6a10ca15b31e4c752ef7bbd80e
parent62759490174563b45757da9e5e48ac5d59a47aa3 (diff)
-rw-r--r--tools/ca/ca/__main__.py12
1 files changed, 8 insertions, 4 deletions
diff --git a/tools/ca/ca/__main__.py b/tools/ca/ca/__main__.py
index 118b3763..22dcaeed 100644
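--- a/tools/ca/ca/__main__.py
+++ b/tools/ca/ca/__main__.py
@@ -12,6 +12,7 @@ from cryptography import __version__ as cryptography_version
 from cryptography.hazmat.backends import openssl
 from cryptography import x509
 from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID, ExtensionOID
+from cryptography.x509.extensions import ExtensionNotFound
 from cryptography.hazmat.primitives import serialization, hashes
 from cryptography.hazmat.primitives.serialization import PrivateFormat, pkcs12
 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
@@ -352,10 +353,13 @@ def signcsr(ca_cert, ca_key, clock_skew, validity, subject, alternative_name, ke
 ])
 
 if not ignore_alternative_names:
-ext = csr.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
-csr_alt_names = ext.value.get_values_for_type(x509.DNSName)
-logger.warn('Using alternative names from csr: %s', csr_alt_names)
-alternative_name = list(set(alternative_name) | set(csr_alt_names))
+try:
+ext = csr.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+csr_alt_names = ext.value.get_values_for_type(x509.DNSName)
+logger.warn('Using alternative names from csr: %s', csr_alt_names)
+alternative_name = list(set(alternative_name) | set(csr_alt_names))
+except ExtensionNotFound:
+pass
 
 ca_key = load_key(ca_key)
 with open(ca_cert, 'rb') as fh: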
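Review bot: The `try` added in `signcsr` wraps four statements although only the `get_extension_for_oid` lookup is expected to raise `ExtensionNotFound`, and the bare `pass` leaves no trace that a CSR carried no subjectAltName. Placing the handler directly after the lookup, e.g. `except ExtensionNotFound: logger.debug('CSR has no subjectAltName extension')`, with the three following statements under `else:`, keeps the handler scoped to the one call that can raise it. Separately, the DNS names read from the CSR are requester-controlled and are merged into `alternative_name` with only a log line unless `ignore_alternative_names` is set. Nothing visible in the hunk compares them with what the operator intended to sign, so an explicit confirmation or allow-list check before signing would be worth adding if none exists further down. Only `x509.DNSName` values are read, so any other SAN types in the CSR appear to be dropped without notice, which deserves a comment; `signcsr` begins and ends outside this hunk.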