mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Fix server certificate extensions for StrongSwan
parent
02482e8d79
commit
a22e1eb557
@ -79,7 +79,7 @@ class SignHandler(asynchat.async_chat):
|
|||||||
extended_key_usage_flags.append( # OpenVPN client
|
extended_key_usage_flags.append( # OpenVPN client
|
||||||
ExtendedKeyUsageOID.CLIENT_AUTH)
|
ExtendedKeyUsageOID.CLIENT_AUTH)
|
||||||
|
|
||||||
cert = x509.CertificateBuilder(
|
builder = x509.CertificateBuilder(
|
||||||
).subject_name(
|
).subject_name(
|
||||||
x509.Name([common_name])
|
x509.Name([common_name])
|
||||||
).serial_number(random.randint(
|
).serial_number(random.randint(
|
||||||
@ -145,7 +145,18 @@ class SignHandler(asynchat.async_chat):
|
|||||||
x509.AuthorityKeyIdentifier.from_issuer_public_key(
|
x509.AuthorityKeyIdentifier.from_issuer_public_key(
|
||||||
self.server.certificate.public_key()),
|
self.server.certificate.public_key()),
|
||||||
critical=False
|
critical=False
|
||||||
).sign(self.server.private_key, hashes.SHA512(), default_backend())
|
)
|
||||||
|
|
||||||
|
# OpenVPN uses CN while StrongSwan uses SAN
|
||||||
|
if server_flags:
|
||||||
|
builder = builder.add_extension(
|
||||||
|
x509.SubjectAlternativeName(
|
||||||
|
[x509.DNSName(common_name.value)]
|
||||||
|
),
|
||||||
|
critical=False
|
||||||
|
)
|
||||||
|
|
||||||
|
cert = builder.sign(self.server.private_key, hashes.SHA512(), default_backend())
|
||||||
|
|
||||||
self.send(cert.public_bytes(serialization.Encoding.PEM))
|
self.send(cert.public_bytes(serialization.Encoding.PEM))
|
||||||
else:
|
else:
|
||||||
|
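Review bot: The new `x509.SubjectAlternativeName([x509.DNSName(common_name.value)])` extension copies the CN into a dNSName without any check that it is a well-formed hostname, so whatever string arrives as the subject CN becomes an identity that StrongSwan peers will match against. Where `common_name` and `server_flags` are set lies outside the hunk; if the CN is taken from the submitted request, a wildcard, an IP literal or a name the requester does not control would be signed into the SAN as-is. I would add a guard before `builder.add_extension(`, for example `if server_flags and not HOSTNAME_RE.match(common_name.value): raise ValueError("CN is not a valid hostname")`, where `HOSTNAME_RE` is a placeholder for a strict hostname pattern defined in this module, plus a comment such as `# SAN is derived from the CN; CN must already be authorised for this requester`. The enclosing method starts and ends outside the visible hunks.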