From 3007700a659ede03085f5390153cce483ce987a1 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Fri, 4 Dec 2020 10:14:33 +1000
Subject: [PATCH] Issue 4460 - BUG - add machine name to subject alt names in
SSCA (#4472)
Bug Description: During SSCA creation, the server cert did not have
the machine name, which meant that the cert would not work without
reqcert = never.
Fix Description: Add the machine name as an alt name during SSCA
creation. It is not guaranteed this value is correct, but it
is better than nothing.
relates: https://github.com/389ds/389-ds-base/issues/4460
Author: William Brown <william@blackhats.net.au>
Review by: mreynolds389, droideck
---
src/lib389/lib389/instance/setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py
index 7d42ba292..e46f2d1e5 100644
--- a/src/lib389/lib389/instance/setup.py
+++ b/src/lib389/lib389/instance/setup.py
@@ -887,7 +887,7 @@ class SetupDs(object):
tlsdb_inst = NssSsl(dbpath=os.path.join(etc_dirsrv_path, dir))
tlsdb_inst.import_rsa_crt(ca)
- csr = tlsdb.create_rsa_key_and_csr()
+ csr = tlsdb.create_rsa_key_and_csr(alt_names=[general['full_machine_name']])
(ca, crt) = ssca.rsa_ca_sign_csr(csr)
tlsdb.import_rsa_crt(ca, crt)
if general['selinux']:
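Review bot: The added `alt_names=[general['full_machine_name']]` argument on the `create_rsa_key_and_csr` call puts the configured name straight into the server certificate, with no visible check that it is set or that it is the name clients will actually connect to; the commit message itself says the value is not guaranteed to be correct. When it is wrong, hostname verification keeps failing and operators are pushed back toward `reqcert = never`, which turns off server authentication entirely rather than just the name check. I would reject an empty value before requesting the CSR and record the chosen name through the installer's existing logging so a mismatch is visible at setup time, and add a comment above the call such as `# SAN must be the name clients connect with, otherwise TLS hostname checks fail`. The enclosing method of `SetupDs` starts and ends outside this hunk, so whether `full_machine_name` is validated earlier cannot be confirmed from here.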
--
2.26.2