
add function to parse subjectAltNames and use it instead of the CN to identify certificates (closes #3)

Helmut Pozimski 7 years ago
parent
commit
23acf90550
2 changed files with 26 additions and 4 deletions
  1. 20 0
      amulib/helpers.py
  2. 6 4
      amulib/service.py

+ 20 - 0
amulib/helpers.py

@@ -300,3 +300,23 @@ def create_tlsa_records(domain, port, certificate, named_key_path):
     zone = "%s.%s" % (domain.split(".")[-2], domain.split(".")[-1])
     tsig, keyalgo = get_tsig_key(named_key_path)
     update_tlsa_record(zone, port, hash_digest, tsig, keyalgo, domain)
+
+
+def get_subject_alt_name(certificate):
+    """
+    Extracts the subjectAltName entries from a X509 certficiate
+
+    :param certificate: the certificate to extract the subjectAltName \
+    entries from
+    :type certificate: OpenSSL.crypto.X509
+    :return: list of hostnames
+    :rtype: list
+    """
+    list = []
+    for i in range(0, certificate.get_extension_count(), 1):
+        if certificate.get_extension(i).get_short_name() == b"subjectAltName":
+            extension_string = str(certificate.get_extension(i))
+            for entry in extension_string.split(","):
+                list.append(entry.split(":")[1])
+            break
+    return list
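Review bot: `entry.split(":")[1]` on the new lines 38–39 takes the second colon-separated field of every subjectAltName entry regardless of its type, so a certificate carrying non-DNS entries (an `IP Address:` or `URI:` name, an IPv6 literal with its own colons, an email name) yields values that are not hostnames, and those values are later used by the caller as a directory name and as the DNS name for a TLSA update. The string form of the extension also puts a space after each comma, so the parser depends on the type tag rather than the value absorbing it. Filtering on the `DNS` tag and stripping each entry makes the return value match the docstring's "list of hostnames"; the local `list` also shadows the builtin, and the docstring has "certficiate" for "certificate".
```python
def get_subject_alt_name(certificate):
    # … unchanged: docstring …
    names = []
    for i in range(certificate.get_extension_count()):
        extension = certificate.get_extension(i)
        if extension.get_short_name() != b"subjectAltName":
            continue
        for entry in str(extension).split(","):
            # only DNS names are hostnames; skip IP/URI/email entries
            kind, _, value = entry.strip().partition(":")
            if kind == "DNS" and value:
                names.append(value)
        break
    return names
```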

+ 6 - 4
amulib/service.py

@@ -59,7 +59,8 @@ def run(service_name, config, acme_dir="/var/lib/acme",
         current_cert = OpenSSL.crypto.load_certificate(
             OpenSSL.crypto.FILETYPE_PEM, cert_text
         )
-        fqdn = current_cert.get_subject().CN
+        cert_alt_names = helpers.get_subject_alt_name(current_cert)
+        fqdn = cert_alt_names[0]
         acme_cert_path = os.path.join(acme_dir, "live", fqdn,
                                       "cert")
         acme_fullchain_path = os.path.join(acme_dir, "live", fqdn,
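Review bot: `fqdn = cert_alt_names[0]` on the new line 52 raises IndexError for a certificate without a subjectAltName extension, since helpers.get_subject_alt_name returns an empty list in that case and the CN lookup this line replaces is gone entirely; a fallback keeps the old behaviour for such certificates, `fqdn = cert_alt_names[0] if cert_alt_names else current_cert.get_subject().CN`. Using the first SAN entry as the directory component under acme_dir also silently changes which directory is read whenever the first SAN differs from the CN, which is worth a comment on that line stating that the first SAN is assumed to be the name the acme client issued under. The enclosing run() starts before and continues after this hunk.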
@@ -76,9 +77,10 @@ def run(service_name, config, acme_dir="/var/lib/acme",
                     OpenSSL.crypto.FILETYPE_PEM, acme_cert_text
                 )
                 if tlsa:
-                    for port in tlsa_ports:
-                        helpers.create_tlsa_records(fqdn, port, acme_cert,
-                                                    named_key_path)
+                    for name in cert_alt_names:
+                        for port in tlsa_ports:
+                            helpers.create_tlsa_records(name, port, acme_cert,
+                                                        named_key_path)
                 newkey_path = os.path.join(acme_dir, "live",
                                            fqdn, "privkey")
                 if certificate_path == key_path:
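Review bot: The new loop on lines 63–66 calls helpers.create_tlsa_records for every SAN name, and create_tlsa_records (visible in the helpers.py hunk) derives the zone from the last two labels of each name and signs the update with the single key at named_key_path, so a SAN in a zone that key is not authorized for presumably makes the update fail part-way through and leaves the remaining names without TLSA records. If that is the intended failure mode a comment saying so would help, `# TLSA records are published for every SAN; all names must be in a zone named_key_path can update`; otherwise the per-name call should be guarded so one failing name does not abort the rest. run() continues outside this hunk.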