When generating self-signed certs, ensure cn length is <=64
When the fqdn of the machine is too long, we can go beyond the 64 character limit of the CN attribute for the SSL certificate. Let's make sure we do not exceed that limit. Change-Id: Idc3ad1743971a52902a832797070d5010b38d9e7
This commit is contained in:
parent
316fad0d10
commit
a2decd62fc
|
@ -115,7 +115,11 @@ def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file):
|
|||
subject.L = config['CONFIG_SSL_CERT_SUBJECT_L']
|
||||
subject.O = config['CONFIG_SSL_CERT_SUBJECT_O']
|
||||
subject.OU = config['CONFIG_SSL_CERT_SUBJECT_OU']
|
||||
subject.CN = "%s/%s" % (service, fqdn)
|
||||
cn = "%s/%s" % (service, fqdn)
|
||||
# if subject.CN is more than 64 chars long, cert creation will fail
|
||||
if len(cn) > 64:
|
||||
cn = cn[0:63]
|
||||
subject.CN = cn
|
||||
subject.emailAddress = mail
|
||||
|
||||
cert.add_extensions([
|
||||
|
|
Loading…
Reference in New Issue