openssl_certificate: make subject-alt-name identifier conistent with openssl_csr (#30151)
This commit is contained in:
parent
442af3744e
commit
1fe5171f1a
1 changed files with 4 additions and 4 deletions
|
@ -542,11 +542,11 @@ class AssertOnlyCertificate(Certificate):
|
||||||
for extension_idx in range(0, self.cert.get_extension_count()):
|
for extension_idx in range(0, self.cert.get_extension_count()):
|
||||||
extension = self.cert.get_extension(extension_idx)
|
extension = self.cert.get_extension(extension_idx)
|
||||||
if extension.get_short_name() == 'subjectAltName':
|
if extension.get_short_name() == 'subjectAltName':
|
||||||
l_subjectAltName = [altname.replace('IP', 'IP Address') for altname in self.subjectAltName]
|
l_altnames = [altname.replace('IP Address', 'IP') for altname in str(extension).split(', ')]
|
||||||
if (not self.subjectAltName_strict and not all(x in str(extension).split(', ') for x in l_subjectAltName)) or \
|
if (not self.subjectAltName_strict and not all(x in l_altnames for x in self.subjectAltName)) or \
|
||||||
(self.subjectAltName_strict and not set(l_subjectAltName) == set(str(extension).split(', '))):
|
(self.subjectAltName_strict and not set(self.subjectAltName) == set(l_altnames)):
|
||||||
self.message.append(
|
self.message.append(
|
||||||
'Invalid subjectAltName component (got %s, expected all of %s to be present)' % (str(extension).split(', '), l_subjectAltName)
|
'Invalid subjectAltName component (got %s, expected all of %s to be present)' % (l_altnames, self.subjectAltName)
|
||||||
)
|
)
|
||||||
|
|
||||||
def _validate_notBefore():
|
def _validate_notBefore():
|
||||||
|
|
Loading…
Reference in a new issue