authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2018-01-25 14:20:21 -0800
committerGitHub <noreply@github.com>2018-01-25 14:20:21 -0800
commit962f186bcf0ffa56d1dacfbbfe79e6d76d6e8bbd (patch)
treefb385e8f84d378395fe71c37ea586a97c471f5e6
parent6c921b0877c38c2a6e55cd5852a740ec88fde8fb (diff)
parent5c241b2bef8a1b2883874e3ab4ecd5f70b361ab0 (diff)
downloadopenshift-962f186bcf0ffa56d1dacfbbfe79e6d76d6e8bbd.tar.gz
openshift-962f186bcf0ffa56d1dacfbbfe79e6d76d6e8bbd.tar.bz2
openshift-962f186bcf0ffa56d1dacfbbfe79e6d76d6e8bbd.tar.xz
openshift-962f186bcf0ffa56d1dacfbbfe79e6d76d6e8bbd.zip
Merge pull request #6878 from mtnbikenc/fix-1502838
Automatic merge from submit-queue. [1502838] Correct certificate alt name parsing Certificates may have alternate names specified, which may contain different name types. Only 'DNS' alternate types should be parsed. X509v3 Subject Alternative Name: email:hostmaster@example.com, DNS:host.example.com Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1502838
-rw-r--r--roles/lib_utils/filter_plugins/oo_filters.py7
1 files changed, 4 insertions, 3 deletions
diff --git a/roles/lib_utils/filter_plugins/oo_filters.py b/roles/lib_utils/filter_plugins/oo_filters.py
index ef996fefe..a5c8c2aba 100644
--- a/roles/lib_utils/filter_plugins/oo_filters.py
+++ b/roles/lib_utils/filter_plugins/oo_filters.py
@@ -272,7 +272,7 @@ def haproxy_backend_masters(hosts, port):
return servers
-# pylint: disable=too-many-branches
+# pylint: disable=too-many-branches, too-many-nested-blocks
def lib_utils_oo_parse_named_certificates(certificates, named_certs_dir, internal_hostnames):
""" Parses names from list of certificate hashes.
@@ -318,8 +318,9 @@ def lib_utils_oo_parse_named_certificates(certificates, named_certs_dir, interna
certificate['names'].append(str(cert.get_subject().commonName.decode()))
for i in range(cert.get_extension_count()):
if cert.get_extension(i).get_short_name() == 'subjectAltName':
- for name in str(cert.get_extension(i)).replace('DNS:', '').split(', '):
- certificate['names'].append(name)
+ for name in str(cert.get_extension(i)).split(', '):
+ if 'DNS:' in name:
+ certificate['names'].append(name.replace('DNS:', ''))
except Exception:
raise errors.AnsibleFilterError(("|failed to parse certificate '%s', " % certificate['certfile'] +
"please specify certificate names in host inventory"))
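Review bot: The new filter `if 'DNS:' in name` matches the substring anywhere in the entry, and `name.replace('DNS:', '')` then removes every occurrence, so a non-DNS entry whose value happens to contain `DNS:` (a URI or email value, for instance) would still be appended in mangled form. Anchoring on the type prefix avoids that: `if name.startswith('DNS:'):` followed by `certificate['names'].append(name[len('DNS:'):])`. Splitting the printed extension on `', '` also trusts the text rendering of the SAN, so a value that itself contains `, DNS:` would presumably be read as a separate DNS name. Because these names appear to decide which named certificate is matched to which hostname, a comment stating that the certificate files are assumed to be operator-supplied would help. The function body starts before and continues past this hunk.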