From a2decd62fc143d9af86c26eefd486d578787d4a4 Mon Sep 17 00:00:00 2001 From: Javier Pena Date: Thu, 21 Feb 2019 14:17:51 +0100 Subject: [PATCH] When generating self-signed certs, ensure cn length is <=64 When the fqdn of the machine is too long, we can go beyond the 64 character limit of the CN attribute for the SSL certificate. Let's make sure we do not exceed that limit. Change-Id: Idc3ad1743971a52902a832797070d5010b38d9e7 --- packstack/modules/ospluginutils.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/packstack/modules/ospluginutils.py b/packstack/modules/ospluginutils.py index 945de09de..27072d649 100644 --- a/packstack/modules/ospluginutils.py +++ b/packstack/modules/ospluginutils.py @@ -115,7 +115,11 @@ def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file): subject.L = config['CONFIG_SSL_CERT_SUBJECT_L'] subject.O = config['CONFIG_SSL_CERT_SUBJECT_O'] subject.OU = config['CONFIG_SSL_CERT_SUBJECT_OU'] - subject.CN = "%s/%s" % (service, fqdn) + cn = "%s/%s" % (service, fqdn) + # if subject.CN is more than 64 chars long, cert creation will fail + if len(cn) > 64: + cn = cn[0:63] + subject.CN = cn subject.emailAddress = mail cert.add_extensions([