40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
|
From 3007700a659ede03085f5390153cce483ce987a1 Mon Sep 17 00:00:00 2001
|
||
|
From: Firstyear <william@blackhats.net.au>
|
||
|
Date: Fri, 4 Dec 2020 10:14:33 +1000
|
||
|
Subject: [PATCH] Issue 4460 - BUG - add machine name to subject alt names in
|
||
|
SSCA (#4472)
|
||
|
|
||
|
Bug Description: During SSCA creation, the server cert did not have
|
||
|
the machine name, which meant that the cert would not work without
|
||
|
reqcert = never.
|
||
|
|
||
|
Fix Description: Add the machine name as an alt name during SSCA
|
||
|
creation. It is not guaranteed this value is correct, but it
|
||
|
is better than nothing.
|
||
|
|
||
|
relates: https://github.com/389ds/389-ds-base/issues/4460
|
||
|
|
||
|
Author: William Brown <william@blackhats.net.au>
|
||
|
|
||
|
Review by: mreynolds389, droideck
|
||
|
---
|
||
|
src/lib389/lib389/instance/setup.py | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py
|
||
|
index 7d42ba292..e46f2d1e5 100644
|
||
|
--- a/src/lib389/lib389/instance/setup.py
|
||
|
+++ b/src/lib389/lib389/instance/setup.py
|
||
|
@@ -887,7 +887,7 @@ class SetupDs(object):
|
||
|
tlsdb_inst = NssSsl(dbpath=os.path.join(etc_dirsrv_path, dir))
|
||
|
tlsdb_inst.import_rsa_crt(ca)
|
||
|
|
||
|
- csr = tlsdb.create_rsa_key_and_csr()
|
||
|
+ csr = tlsdb.create_rsa_key_and_csr(alt_names=[general['full_machine_name']])
|
||
|
(ca, crt) = ssca.rsa_ca_sign_csr(csr)
|
||
|
tlsdb.import_rsa_crt(ca, crt)
|
||
|
if general['selinux']:
|
||
|
--
|
||
|
2.26.2
|
||
|
|