xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2026-01-10 18:12:30 +00:00
Code Issues Projects Releases Wiki Activity

Fix SAN generation

Browse Source 
The nameconstraint support missed
a branch, fix this.
This commit is contained in:
Jarrod Johnson
2025-11-07 11:22:12 -05:00
parent cc9a81103b
commit b07da455c2
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
confluent_server/confluent/certutil.py
View File

@@ -334,6 +334,7 @@ def create_certificate(keyout=None, certout=None, csrfile=None, subj=None, san=N
dnsnames = set(ipaddrs)
dnsnames.add(shortname)
dnsnames.add(longname)
else:
# nameconstraints preclude IP and shortname
san = []
dnsnames = set()
@@ -341,7 +342,6 @@ def create_certificate(keyout=None, certout=None, csrfile=None, subj=None, san=N
if longname.endswith(suffix):
dnsnames.add(longname)
break
break
for currip in ipaddrs:
currname = socket.getnameinfo((currip, 0), 0)[0]
for suffix in permitdomains: