summaryrefslogtreecommitdiffstats
path: root/roles/lib_utils
diff options
context:
space:
mode:
authorRussell Teague <rteague@redhat.com>2018-01-25 14:26:49 -0500
committerRussell Teague <rteague@redhat.com>2018-01-25 14:26:49 -0500
commit5c241b2bef8a1b2883874e3ab4ecd5f70b361ab0 (patch)
treeae79242e76c7255e759bac2fd6825b30a51fad86 /roles/lib_utils
parent602fa687a2266dcb351492113654999a02c03faa (diff)
downloadopenshift-5c241b2bef8a1b2883874e3ab4ecd5f70b361ab0.tar.gz
openshift-5c241b2bef8a1b2883874e3ab4ecd5f70b361ab0.tar.bz2
openshift-5c241b2bef8a1b2883874e3ab4ecd5f70b361ab0.tar.xz
openshift-5c241b2bef8a1b2883874e3ab4ecd5f70b361ab0.zip
[1502838] Correct certificate alt name parsing
Certificates may have alternate names specified, which may contain different name types. Only 'DNS' alternate types should be parsed. X509v3 Subject Alternative Name: email:hostmaster@example.com, DNS:host.example.com Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1502838
Diffstat (limited to 'roles/lib_utils')
-rw-r--r--roles/lib_utils/filter_plugins/oo_filters.py7
1 files changed, 4 insertions, 3 deletions
diff --git a/roles/lib_utils/filter_plugins/oo_filters.py b/roles/lib_utils/filter_plugins/oo_filters.py
index ef996fefe..a5c8c2aba 100644
--- a/roles/lib_utils/filter_plugins/oo_filters.py
+++ b/roles/lib_utils/filter_plugins/oo_filters.py
@@ -272,7 +272,7 @@ def haproxy_backend_masters(hosts, port):
return servers
-# pylint: disable=too-many-branches
+# pylint: disable=too-many-branches, too-many-nested-blocks
def lib_utils_oo_parse_named_certificates(certificates, named_certs_dir, internal_hostnames):
""" Parses names from list of certificate hashes.
@@ -318,8 +318,9 @@ def lib_utils_oo_parse_named_certificates(certificates, named_certs_dir, interna
certificate['names'].append(str(cert.get_subject().commonName.decode()))
for i in range(cert.get_extension_count()):
if cert.get_extension(i).get_short_name() == 'subjectAltName':
- for name in str(cert.get_extension(i)).replace('DNS:', '').split(', '):
- certificate['names'].append(name)
+ for name in str(cert.get_extension(i)).split(', '):
+ if 'DNS:' in name:
+ certificate['names'].append(name.replace('DNS:', ''))
except Exception:
raise errors.AnsibleFilterError(("|failed to parse certificate '%s', " % certificate['certfile'] +
"please specify certificate names in host inventory"))