Skip to content

Commit

Permalink
Merge pull request #1994 from YunoHost/enh-san
Browse files Browse the repository at this point in the history 
Support domains in cert_alternate_names hook
  • Loading branch information
@alexAubin
alexAubin authored Nov 5, 2024
2 parents 194a4f4 + 91eaa15 commit b60df05
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion src/certificate.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -597,12 +597,16 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
sanlist += result["stdreturn"]

if sanlist:
subsanlist = [f"DNS:{sub}.{domain}" for sub in sanlist if "." not in sub]
# This is meant for situation such as cryptpad where we need to be able to have a cert for sandbox-domain.tld (with a dash, not just sandbox.domain.tld)
domainsanlist = [f"DNS:{domain}" for domain in sanlist if "." in domain]
sanlist = ", ".join(subsanlist+domainsanlist)
csr.add_extensions(
[
crypto.X509Extension(
b"subjectAltName",
False,
(", ".join([f"DNS:{sub}.{domain}" for sub in sanlist])).encode(
sanlist.encode(
"utf-8"
),
)
Expand Down

0 comments on commit b60df05

Please sign in to comment.