From b8f79b6690441cbe53c07dfd440f3330c886dc0d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 14 Nov 2022 20:37:23 +0100 Subject: ... --- tools/ca/ca/__main__.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'tools/ca') diff --git a/tools/ca/ca/__main__.py b/tools/ca/ca/__main__.py index 118b3763..22dcaeed 100644 --- a/tools/ca/ca/__main__.py +++ b/tools/ca/ca/__main__.py @@ -12,6 +12,7 @@ from cryptography import __version__ as cryptography_version from cryptography.hazmat.backends import openssl from cryptography import x509 from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID, ExtensionOID +from cryptography.x509.extensions import ExtensionNotFound from cryptography.hazmat.primitives import serialization, hashes from cryptography.hazmat.primitives.serialization import PrivateFormat, pkcs12 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey @@ -352,10 +353,13 @@ def signcsr(ca_cert, ca_key, clock_skew, validity, subject, alternative_name, ke ]) if not ignore_alternative_names: - ext = csr.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME) - csr_alt_names = ext.value.get_values_for_type(x509.DNSName) - logger.warn('Using alternative names from csr: %s', csr_alt_names) - alternative_name = list(set(alternative_name) | set(csr_alt_names)) + try: + ext = csr.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME) + csr_alt_names = ext.value.get_values_for_type(x509.DNSName) + logger.warn('Using alternative names from csr: %s', csr_alt_names) + alternative_name = list(set(alternative_name) | set(csr_alt_names)) + except ExtensionNotFound: + pass ca_key = load_key(ca_key) with open(ca_cert, 'rb') as fh: -- cgit v1.2.3