lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 01:19:11 +00:00
Code Issues Activity

Fix server certificate extensions for StrongSwan

Browse Source
This commit is contained in:
Lauri Võsandi
2017-04-13 15:12:56 +00:00
parent 02482e8d79
commit a22e1eb557
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
certidude/signer.py
View File

@@ -79,7 +79,7 @@ class SignHandler(asynchat.async_chat):
extended_key_usage_flags.append( # OpenVPN client extended_key_usage_flags.append( # OpenVPN client
ExtendedKeyUsageOID.CLIENT_AUTH) ExtendedKeyUsageOID.CLIENT_AUTH)
cert = x509.CertificateBuilder( builder = x509.CertificateBuilder(
).subject_name( ).subject_name(
x509.Name([common_name]) x509.Name([common_name])
).serial_number(random.randint( ).serial_number(random.randint(
@@ -145,7 +145,18 @@ class SignHandler(asynchat.async_chat):
x509.AuthorityKeyIdentifier.from_issuer_public_key( x509.AuthorityKeyIdentifier.from_issuer_public_key(
self.server.certificate.public_key()), self.server.certificate.public_key()),
critical=False critical=False
).sign(self.server.private_key, hashes.SHA512(), default_backend()) )
# OpenVPN uses CN while StrongSwan uses SAN
if server_flags:
builder = builder.add_extension(
x509.SubjectAlternativeName(
[x509.DNSName(common_name.value)]
),
critical=False
)
cert = builder.sign(self.server.private_key, hashes.SHA512(), default_backend())
self.send(cert.public_bytes(serialization.Encoding.PEM)) self.send(cert.public_bytes(serialization.Encoding.PEM))
else: else: