When generating self-signed certs, ensure cn length is <=64

When the fqdn of the machine is too long, we can go beyond the 64 character limit of the CN attribute for the SSL certificate. Let's make sure we do not exceed that limit. Change-Id: Idc3ad1743971a52902a832797070d5010b38d9e7
2019-02-21 14:17:51 +01:00 · 2019-02-21 14:17:51 +01:00 · a2decd62fc
parent 316fad0d10
commit a2decd62fc
1 changed files with 5 additions and 1 deletions
--- a/packstack/modules/ospluginutils.py
+++ b/packstack/modules/ospluginutils.py
@ -115,7 +115,11 @@ def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file):
        subject.L = config['CONFIG_SSL_CERT_SUBJECT_L']
        subject.O = config['CONFIG_SSL_CERT_SUBJECT_O']
        subject.OU = config['CONFIG_SSL_CERT_SUBJECT_OU']
-        subject.CN = "%s/%s" % (service, fqdn)
+        cn = "%s/%s" % (service, fqdn)
+        # if subject.CN is more than 64 chars long, cert creation will fail
+        if len(cn) > 64:
+            cn = cn[0:63]
+        subject.CN = cn
        subject.emailAddress = mail

        cert.add_extensions([