openstack/devstack
Code Issues Proposed changes

Allow IP-based subject alt names

Browse Source 
... even when no other subject alt names provided

Previously, a non-voting job in barbican's gate would fail with something like

  X509 V3 routines:X509V3_parse_list:invalid null name:v3_utl.c:319:
  X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:140:name=subjectAltName,section=DNS:pykmip-server,,IP:198.72.124.103
  X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=DNS:pykmip-server,,IP:198.72.124.103

because we'd have an invalid empty string.

Change-Id: I5459b8976539924cd6cc6c1e681b6753a76b804c
This commit is contained in:
Tim Burke 2018-11-30 14:40:12 -08:00
parent 78a564bb03
commit 0137703825
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/tls
View File

@ -252,7 +252,11 @@ function make_cert {
if [ "$common_name" != "$SERVICE_HOST" ]; then
if is_ipv4_address "$SERVICE_HOST" ; then
alt_names="$alt_names,IP:$SERVICE_HOST"
if [[ -z "$alt_names" ]]; then
alt_names="IP:$SERVICE_HOST"
else
alt_names="$alt_names,IP:$SERVICE_HOST"
fi
fi
fi