author | Russell Teague <rteague@redhat.com> | 2018-01-25 14:26:49 -0500 |
---|---|---|
committer | Russell Teague <rteague@redhat.com> | 2018-01-25 14:26:49 -0500 |
commit | 5c241b2bef8a1b2883874e3ab4ecd5f70b361ab0 (patch) | |
tree | ae79242e76c7255e759bac2fd6825b30a51fad86 /roles/lib_utils | |
parent | 602fa687a2266dcb351492113654999a02c03faa (diff) | |
[1502838] Correct certificate alt name parsing
Certificates may have alternate names specified, which may contain
different name types. Only 'DNS' alternate types should be parsed.
X509v3 Subject Alternative Name:
email:hostmaster@example.com, DNS:host.example.com
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1502838
Diffstat (limited to 'roles/lib_utils')
-rw-r--r-- | roles/lib_utils/filter_plugins/oo_filters.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/roles/lib_utils/filter_plugins/oo_filters.py b/roles/lib_utils/filter_plugins/oo_filters.py index ef996fefe..a5c8c2aba 100644 --- a/roles/lib_utils/filter_plugins/oo_filters.py +++ b/roles/lib_utils/filter_plugins/oo_filters.py @@ -272,7 +272,7 @@ def haproxy_backend_masters(hosts, port): return servers -# pylint: disable=too-many-branches +# pylint: disable=too-many-branches, too-many-nested-blocks def lib_utils_oo_parse_named_certificates(certificates, named_certs_dir, internal_hostnames): """ Parses names from list of certificate hashes. @@ -318,8 +318,9 @@ def lib_utils_oo_parse_named_certificates(certificates, named_certs_dir, interna certificate['names'].append(str(cert.get_subject().commonName.decode())) for i in range(cert.get_extension_count()): if cert.get_extension(i).get_short_name() == 'subjectAltName': - for name in str(cert.get_extension(i)).replace('DNS:', '').split(', '): - certificate['names'].append(name) + for name in str(cert.get_extension(i)).split(', '): + if 'DNS:' in name: + certificate['names'].append(name.replace('DNS:', '')) except Exception: raise errors.AnsibleFilterError(("|failed to parse certificate '%s', " % certificate['certfile'] + "please specify certificate names in host inventory")) |
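Review bot: In the second hunk the new filter `if 'DNS:' in name:` is a substring test, so a subject alternative name entry of another type whose value merely contains `DNS:` still passes, and `name.replace('DNS:', '')` then removes that text from anywhere in the entry while leaving the foreign type prefix in `certificate['names']`. Anchor the check to the type prefix instead: `if name.startswith('DNS:'):` followed by `certificate['names'].append(name[len('DNS:'):])`. Splitting the extension's string form on `', '` also assumes that no entry value contains that separator, which presumably holds for DNS names but not necessarily for other name types; a short comment above the loop stating that assumption would help the next reader. The body of lib_utils_oo_parse_named_certificates starts and ends outside this hunk, so how the collected names are validated afterwards is not visible here.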