andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Blame SOURCES/0016-Issue-4460-BUG-add-machine-name-to-subject-alt-names.patch

From 3007700a659ede03085f5390153cce483ce987a1 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Fri, 4 Dec 2020 10:14:33 +1000
Subject: [PATCH] Issue 4460 - BUG - add machine name to subject alt names in
 SSCA (#4472)

Bug Description: During SSCA creation, the server cert did not have
the machine name, which meant that the cert would not work without
reqcert = never.

Fix Description: Add the machine name as an alt name during SSCA
creation. It is not guaranteed this value is correct, but it
is better than nothing.

relates: https://github.com/389ds/389-ds-base/issues/4460

Author: William Brown <william@blackhats.net.au>

Review by: mreynolds389, droideck
---
 src/lib389/lib389/instance/setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py
index 7d42ba292..e46f2d1e5 100644
--- a/src/lib389/lib389/instance/setup.py
+++ b/src/lib389/lib389/instance/setup.py
@@ -887,7 +887,7 @@ class SetupDs(object):
                         tlsdb_inst = NssSsl(dbpath=os.path.join(etc_dirsrv_path, dir))
                         tlsdb_inst.import_rsa_crt(ca)
 
-            csr = tlsdb.create_rsa_key_and_csr()
+            csr = tlsdb.create_rsa_key_and_csr(alt_names=[general['full_machine_name']])
             (ca, crt) = ssca.rsa_ca_sign_csr(csr)
             tlsdb.import_rsa_crt(ca, crt)
             if general['selinux']:
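
Review bot: On the changed `create_rsa_key_and_csr(...)` line, `general['full_machine_name']` is passed into `alt_names` with no check, and the commit message itself says the value is not guaranteed to be correct. Suggest validating before the call that it is a non-empty, fully qualified name, and logging the alt name that was chosen (with a warning when it looks like a short name or localhost), so a wrong SAN shows up at setup time instead of as a hostname verification failure on clients that do not set `reqcert = never`. A short comment on this line saying the SAN is a best-effort default would also help the next reader.
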
-- 
2.26.2