author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-11-14 20:37:23 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-11-14 20:37:23 +0100 |
commit | b8f79b6690441cbe53c07dfd440f3330c886dc0d (patch) | |
tree | 4731b7e01f39cd6a10ca15b31e4c752ef7bbd80e | |
parent | 62759490174563b45757da9e5e48ac5d59a47aa3 (diff) | |
-rw-r--r-- | tools/ca/ca/__main__.py | 12 |
1 files changed, 8 insertions, 4 deletions
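--- a/tools/ca/ca/__main__.py
+++ b/tools/ca/ca/__main__.py
@@ -12,6 +12,7 @@ from cryptography import __version__ as cryptography_version
 from cryptography.hazmat.backends import openssl
 from cryptography import x509
 from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID, ExtensionOID
+from cryptography.x509.extensions import ExtensionNotFound
 from cryptography.hazmat.primitives import serialization, hashes
 from cryptography.hazmat.primitives.serialization import PrivateFormat, pkcs12
 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
@@ -352,10 +353,13 @@ def signcsr(ca_cert, ca_key, clock_skew, validity, subject, alternative_name, ke
 ])
 
 if not ignore_alternative_names:
-ext = csr.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
-csr_alt_names = ext.value.get_values_for_type(x509.DNSName)
-logger.warn('Using alternative names from csr: %s', csr_alt_names)
-alternative_name = list(set(alternative_name) | set(csr_alt_names))
+try:
+ext = csr.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+csr_alt_names = ext.value.get_values_for_type(x509.DNSName)
+logger.warn('Using alternative names from csr: %s', csr_alt_names)
+alternative_name = list(set(alternative_name) | set(csr_alt_names))
+except ExtensionNotFound:
+pass
 
 ca_key = load_key(ca_key)
 with open(ca_cert, 'rb') as fh: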
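Review bot: The names merged into `alternative_name` inside the new `try` come straight from the CSR, which the requester controls, and the only trace that they were accepted is the `logger.warn` line; nothing visible in this hunk checks them against an allowlist or the requested `subject` before signing, so the operator running signcsr has to read that log line to catch an unexpected name. I would switch the deprecated alias to `logger.warning('Using alternative names from csr: %s', csr_alt_names)` and replace the bare `pass` with `logger.debug('CSR carries no subjectAltName extension')` so both outcomes are recorded. The `try` could also be narrowed to the `get_extension_for_oid` call with the merge moved into an `else:` branch, since that call is the only one here expected to raise `ExtensionNotFound`. signcsr begins and continues outside the hunk, so further validation of the final name list may exist elsewhere.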