lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 09:29:13 +00:00
Code Issues Activity

cli: Fix extended key usage flags for authority setup script

Browse Source
This commit is contained in:
Lauri Võsandi
2016-03-29 19:43:50 +03:00
parent c644b065ef
commit a094db794b
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
certidude/cli.py
View File

@@ -778,7 +778,7 @@ def certidude_setup_production(username, hostname, push_server, nginx_config, uw
def certidude_setup_authority(parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, revoked_url, certificate_url, push_server, email_address, outbox, server_flags): def certidude_setup_authority(parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, revoked_url, certificate_url, push_server, email_address, outbox, server_flags):
from cryptography import x509 from cryptography import x509
from cryptography.x509.oid import NameOID from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.asymmetric import rsa
@@ -860,8 +860,8 @@ def certidude_setup_authority(parent, country, state, locality, organization, or
if server_flags: if server_flags:
builder = builder.add_extension(x509.ExtendedKeyUsage([ builder = builder.add_extension(x509.ExtendedKeyUsage([
ExtendedKeyUsageOID.CLIENT_AUTH, ExtendedKeyUsageOID.SERVER_AUTH,
ObjectIdentifier("1.3.6.1.5.5.8.2.2")])) x509.ObjectIdentifier("1.3.6.1.5.5.8.2.2")]), critical=False)
cert = builder.sign(key, hashes.SHA512(), default_backend()) cert = builder.sign(key, hashes.SHA512(), default_backend())