lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 01:19:11 +00:00
Code Issues Activity

Use random serial for CA certificate

Browse Source
This commit is contained in:
Lauri Võsandi
2017-03-26 20:44:47 +00:00
parent a663efd39e
commit 44b6f13669
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
certidude/cli.py
View File

@@ -862,7 +862,10 @@ def certidude_setup_authority(username, kerberos_keytab, nginx_config, country,
).not_valid_before(datetime.utcnow() ).not_valid_before(datetime.utcnow()
).not_valid_after( ).not_valid_after(
datetime.utcnow() + timedelta(days=authority_lifetime) datetime.utcnow() + timedelta(days=authority_lifetime)
).serial_number(1 ).serial_number(
random.randint(
0x100000000000000000000000000000000000000,
0xfffffffffffffffffffffffffffffffffffffff)
).add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True, ).add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True,
).add_extension(x509.KeyUsage( ).add_extension(x509.KeyUsage(
digital_signature=server_flags, digital_signature=server_flags,

3
tests/test_cli.py
View File

@@ -13,7 +13,8 @@ def test_cli_setup_authority():
from certidude import const, config from certidude import const, config
from certidude import authority from certidude import authority
assert authority.ca_cert.serial_number == 1 assert authority.ca_cert.serial_number >= 0x100000000000000000000000000000000000000
assert authority.ca_cert.serial_number <= 0xfffffffffffffffffffffffffffffffffffffff
assert authority.ca_cert.not_valid_before < datetime.now() assert authority.ca_cert.not_valid_before < datetime.now()
assert authority.ca_cert.not_valid_after > datetime.now() + timedelta(days=7000) assert authority.ca_cert.not_valid_after > datetime.now() + timedelta(days=7000)