diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2018-01-25 14:20:21 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-25 14:20:21 -0800 |
commit | 962f186bcf0ffa56d1dacfbbfe79e6d76d6e8bbd (patch) | |
tree | fb385e8f84d378395fe71c37ea586a97c471f5e6 | |
parent | 6c921b0877c38c2a6e55cd5852a740ec88fde8fb (diff) | |
parent | 5c241b2bef8a1b2883874e3ab4ecd5f70b361ab0 (diff) | |
download | openshift-962f186bcf0ffa56d1dacfbbfe79e6d76d6e8bbd.tar.gz openshift-962f186bcf0ffa56d1dacfbbfe79e6d76d6e8bbd.tar.bz2 openshift-962f186bcf0ffa56d1dacfbbfe79e6d76d6e8bbd.tar.xz openshift-962f186bcf0ffa56d1dacfbbfe79e6d76d6e8bbd.zip |
Merge pull request #6878 from mtnbikenc/fix-1502838
Automatic merge from submit-queue.
[1502838] Correct certificate alt name parsing
Certificates may have alternate names specified, which may contain
different name types. Only 'DNS' alternate types should be parsed.
X509v3 Subject Alternative Name:
email:hostmaster@example.com, DNS:host.example.com
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1502838
-rw-r--r-- | roles/lib_utils/filter_plugins/oo_filters.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/roles/lib_utils/filter_plugins/oo_filters.py b/roles/lib_utils/filter_plugins/oo_filters.py index ef996fefe..a5c8c2aba 100644 --- a/roles/lib_utils/filter_plugins/oo_filters.py +++ b/roles/lib_utils/filter_plugins/oo_filters.py @@ -272,7 +272,7 @@ def haproxy_backend_masters(hosts, port): return servers -# pylint: disable=too-many-branches +# pylint: disable=too-many-branches, too-many-nested-blocks def lib_utils_oo_parse_named_certificates(certificates, named_certs_dir, internal_hostnames): """ Parses names from list of certificate hashes. @@ -318,8 +318,9 @@ def lib_utils_oo_parse_named_certificates(certificates, named_certs_dir, interna certificate['names'].append(str(cert.get_subject().commonName.decode())) for i in range(cert.get_extension_count()): if cert.get_extension(i).get_short_name() == 'subjectAltName': - for name in str(cert.get_extension(i)).replace('DNS:', '').split(', '): - certificate['names'].append(name) + for name in str(cert.get_extension(i)).split(', '): + if 'DNS:' in name: + certificate['names'].append(name.replace('DNS:', '')) except Exception: raise errors.AnsibleFilterError(("|failed to parse certificate '%s', " % certificate['certfile'] + "please specify certificate names in host inventory")) |