Browse Source

When generating self-signed certs, ensure cn length is <=64

When the fqdn of the machine is too long, we can go beyond the 64
character limit of the CN attribute for the SSL certificate. Let's
make sure we do not exceed that limit.

Change-Id: Idc3ad1743971a52902a832797070d5010b38d9e7
Javier Pena 1 month ago
parent
commit
a2decd62fc
1 changed files with 5 additions and 1 deletions
  1. 5
    1
      packstack/modules/ospluginutils.py

+ 5
- 1
packstack/modules/ospluginutils.py View File

@@ -115,7 +115,11 @@ def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file):
115 115
         subject.L = config['CONFIG_SSL_CERT_SUBJECT_L']
116 116
         subject.O = config['CONFIG_SSL_CERT_SUBJECT_O']
117 117
         subject.OU = config['CONFIG_SSL_CERT_SUBJECT_OU']
118
-        subject.CN = "%s/%s" % (service, fqdn)
118
+        cn = "%s/%s" % (service, fqdn)
119
+        # if subject.CN is more than 64 chars long, cert creation will fail
120
+        if len(cn) > 64:
121
+            cn = cn[0:63]
122
+        subject.CN = cn
119 123
         subject.emailAddress = mail
120 124
 
121 125
         cert.add_extensions([

Loading…
Cancel
Save