xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2026-04-29 11:57:49 +00:00
Code Issues Projects Releases Wiki Activity

Rework for older python cryptography compatibility

Browse Source
This commit is contained in:
Jarrod Johnson
2026-04-14 10:45:03 -04:00
parent 5250a3a67a
commit 2bd13c397d
1 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
confluent_server/confluent/util.py
View File

@@ -278,15 +278,18 @@ class TLSCertVerifier(object):
if not certs:
return False
castore = verification.Store(certs)
_polbuilder = verification.PolicyBuilder()
eep = verification.ExtensionPolicy.permit_all().require_present(
x509.SubjectAlternativeName, verification.Criticality.AGNOSTIC, None).may_be_present(
x509.KeyUsage, verification.Criticality.AGNOSTIC, None)
cap = verification.ExtensionPolicy.webpki_defaults_ca().require_present(
x509.BasicConstraints, verification.Criticality.AGNOSTIC, None).may_be_present(
x509.KeyUsage, verification.Criticality.AGNOSTIC, None)
_polbuilder = _polbuilder.store(castore).extension_policies(
ee_policy=eep, ca_policy=cap)
_polbuilder = verification.PolicyBuilder().store(castore)
try:
eep = verification.ExtensionPolicy.permit_all().require_present(
x509.SubjectAlternativeName, verification.Criticality.AGNOSTIC, None).may_be_present(
x509.KeyUsage, verification.Criticality.AGNOSTIC, None)
cap = verification.ExtensionPolicy.webpki_defaults_ca().require_present(
x509.BasicConstraints, verification.Criticality.AGNOSTIC, None).may_be_present(
x509.KeyUsage, verification.Criticality.AGNOSTIC, None)
_polbuilder = _polbuilder.extension_policies(
ee_policy=eep, ca_policy=cap)
except AttributeError:
pass
try:
addr = ipaddress.ip_address(self.subject)
subject = x509.IPAddress(addr)