Allow IP-based subject alt names
... even when no other subject alt names provided

Previously, a non-voting job in barbican's gate would fail with something like

X509 V3 routines:X509V3_parse_list:invalid null name:v3_utl.c:319:
X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:140:name=subjectAltName,section=DNS:pykmip-server,,IP:198.72.124.103
X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=DNS:pykmip-server,,IP:198.72.124.103

because we'd have an invalid empty string.

Change-Id: I5459b8976539924cd6cc6c1e681b6753a76b804c
parent
78a564bb03
commit
0137703825
4
lib/tls
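--- a/lib/tls
+++ b/lib/tls
@@ -252,9 +252,13 @@ function make_cert {
 
 if [ "$common_name" != "$SERVICE_HOST" ]; then
 if is_ipv4_address "$SERVICE_HOST" ; then
+if [[ -z "$alt_names" ]]; then
+alt_names="IP:$SERVICE_HOST"
+else
 alt_names="$alt_names,IP:$SERVICE_HOST"
 fi
 fi
+fi
 
 # Only generate the certificate if it doesn't exist yet on the disk
 if [ ! -r "$ca_dir/$cert_name.crt" ]; then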
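Review bot: The new `[[ -z "$alt_names" ]]` test in make_cert covers only a fully empty value, so an `alt_names` that already ends in a comma would still produce the empty entry that openssl rejects in subjectAltName. How `alt_names` is populated lies outside the hunk, so this may not occur in practice. The added if/else can also be collapsed into a single parameter expansion, `alt_names="${alt_names:+$alt_names,}IP:$SERVICE_HOST"`, which emits the separating comma only when something precedes it. The branch is taken only for `is_ipv4_address`; a short comment stating whether other `SERVICE_HOST` forms are intentionally left without a SAN entry would help the next reader. make_cert starts before and continues past this hunk.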