test_caless: add SAN dNSName extensions for wildcard tests

It may happen that the FQDN does not match the domain mapped to
the host. In this case we add a wildcard for both domains.

https://pagure.io/freeipa/issue/7100

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
This commit is contained in:
Michal Reznik 2017-07-28 08:54:54 +02:00 committed by Tomas Krizek
parent 76357283ec
commit a3c99367bf
No known key found for this signature in database
GPG Key ID: 22A2A94B5E49415A


@ -162,7 +162,7 @@ def profile_ca(builder, ca_nick, ca):
def profile_server(builder, ca_nick, ca,
warp=datetime.timedelta(days=0), dns_name=None,
badusage=False):
badusage=False, wildcard=False):
now = datetime.datetime.utcnow() + warp
builder = builder.not_valid_before(now)
@ -204,6 +204,16 @@ def profile_server(builder, ca_nick, ca,
critical=False
)
if wildcard:
names = [x509.DNSName(u'*.' + domain)]
server_split = server1.split('.', 1)
if len(server_split) == 2 and domain != server_split[1]:
names.append(x509.DNSName(u'*.' + server_split[1]))
builder = builder.add_extension(
x509.SubjectAlternativeName(names),
critical=False,
)
return builder
@ -488,7 +498,7 @@ def gen_subtree(nick_base, org, ca=None):
x509.NameAttribute(NameOID.ORGANIZATION_NAME, org),
x509.NameAttribute(NameOID.COMMON_NAME, u'*.' + domain)
]),
subca
subca, wildcard=True
)
gen_server_certs(u'server', server1, org, subca)
gen_server_certs(u'replica', server2, org, subca)
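Review bot: The wildcard branch in the second hunk derives its extra SAN entry from `server1` only, so a replica host `server2` living in yet another domain (see `gen_server_certs(u'replica', server2, org, subca)` in the last hunk) would get no matching wildcard name; if that case is meant to be covered, derive the parent domain from both hosts, e.g. `for host in (server1, server2):` around the `split('.', 1)` check, and skip duplicates. `domain` and `server1` appear to be read as module-level globals inside profile_server rather than passed in, which makes the helper depend on file state; a comment such as `# domain/server1 are module-level test fixtures` or making them parameters would help a reader. If the block just above (the one ending in `critical=False` `)`) already adds a SubjectAlternativeName when dns_name is given, calling with both dns_name and wildcard would add a second SAN extension, which the x509 builder rejects as a duplicate; a guard or a docstring note on the new `wildcard` parameter is warranted. profile_server's body starts outside this hunk.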