Don't use ipv6 for DNS SAN fields with python3
Python2 match routines for x509 fields are broken and have to use the DNS field for ip addresses. The problem is that if you use ipv6 addresses in the DNS field, urllib3 fails when trying to encode it. Since python3 match routines for x509 fields are correct, this patch disables the hack for python3, encoding the ip address in the corresponding field only of the certificate. Partial-Bug: #1794929 Depends-On: https://review.openstack.org/#/c/608468 Change-Id: I7b9cb15ccfa181648afb12be51ee48bed14f9156 Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
This commit is contained in:
parent
02ca8da102
commit
9a543a81ac
6
lib/tls
6
lib/tls
@ -227,10 +227,14 @@ function init_CA {
|
||||
function init_cert {
|
||||
if [[ ! -r $DEVSTACK_CERT ]]; then
|
||||
if [[ -n "$TLS_IP" ]]; then
|
||||
# Lie to let incomplete match routines work
|
||||
if python3_enabled; then
|
||||
TLS_IP="IP:$TLS_IP"
|
||||
else
|
||||
# Lie to let incomplete match routines work with python2
|
||||
# see https://bugs.python.org/issue23239
|
||||
TLS_IP="DNS:$TLS_IP,IP:$TLS_IP"
|
||||
fi
|
||||
fi
|
||||
make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME "$TLS_IP"
|
||||
|
||||
# Create a cert bundle
|
||||
|
Loading…
Reference in New Issue
Block a user