TLS cert_info: Accept IP Addresses as valid alt_names

Ronald van Zantvoort 2018-08-15 01:05:12 +02:00
parent 7d6ecafa94
commit 9c7d3eae72
No known key found for this signature in database
GPG key ID: D3DE53B7EFF75061


@ -1646,13 +1646,15 @@ def cert_info(cert, digest='sha256'):
continue
if 'subjectAltName' in ret.get('extensions', {}):
valid_entries = ('DNS', 'IP Address')
valid_names = set()
for name in str(ret['extensions']['subjectAltName']).split(", "):
if not name.startswith('DNS:'):
for name in str(ret['extensions']['subjectAltName']).split(', '):
entry, name = name.split(':', 1)
if entry not in valid_entries:
log.error('Cert {0} has an entry ({1}) which does not start '
'with DNS:'.format(cert, name))
'with {2}'.format(ret['subject'], name, '/'.join(valid_entries)))
else:
valid_names.add(name[4:])
valid_names.add(name)
ret['subject_alt_names'] = ' '.join(valid_names)
if hasattr(cert, 'get_signature_algorithm'):
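Review bot: The new `entry, name = name.split(':', 1)` raises ValueError for any subjectAltName piece that has no colon (an empty extension string, or a fragment produced when a value itself contains `, `), whereas the old `startswith` check only logged and moved on; a single malformed entry in a certificate from an untrusted source would then abort cert_info. Using `entry, sep, value = name.partition(':')` with `if not sep or entry not in valid_entries:` keeps the log-and-skip behaviour. The error message now prints `name` after the prefix has been split off, so the rejected entry type no longer appears in the log; including `entry` would make the message useful for triage. DNS names and IP addresses also land in the same space-joined `subject_alt_names` string, so a caller that matches hostnames against it can no longer tell the two kinds apart, which deserves at least a comment here. cert_info starts and ends outside this hunk.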