andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Blame SOURCES/0016-Issue-4460-BUG-add-machine-name-to-subject-alt-names.patch

From 3007700a659ede03085f5390153cce483ce987a1 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Fri, 4 Dec 2020 10:14:33 +1000
Subject: [PATCH] Issue 4460 - BUG - add machine name to subject alt names in
 SSCA (#4472)

Bug Description: During SSCA creation, the server cert did not have
the machine name, which meant that the cert would not work without
reqcert = never.

Fix Description: Add the machine name as an alt name during SSCA
creation. It is not guaranteed this value is correct, but it
is better than nothing.

relates: https://github.com/389ds/389-ds-base/issues/4460

Author: William Brown <william@blackhats.net.au>

Review by: mreynolds389, droideck
---
 src/lib389/lib389/instance/setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py
index 7d42ba292..e46f2d1e5 100644
--- a/src/lib389/lib389/instance/setup.py
+++ b/src/lib389/lib389/instance/setup.py
@@ -887,7 +887,7 @@ class SetupDs(object):
                         tlsdb_inst = NssSsl(dbpath=os.path.join(etc_dirsrv_path, dir))
                         tlsdb_inst.import_rsa_crt(ca)
 
-            csr = tlsdb.create_rsa_key_and_csr()
+            csr = tlsdb.create_rsa_key_and_csr(alt_names=[general['full_machine_name']])
             (ca, crt) = ssca.rsa_ca_sign_csr(csr)
             tlsdb.import_rsa_crt(ca, crt)
             if general['selinux']:
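Review bot: On the added create_rsa_key_and_csr(alt_names=[general['full_machine_name']]) line, the value is passed through as the only subject alt name with no check that it is set or that it is the name clients will connect with, and the commit message itself says it is not guaranteed to be correct. Consider warning on or rejecting an empty value and logging the name that goes into the CSR, so a later hostname-verification failure can be traced to this setting instead of sending users back to reqcert = never. The diffstat shows only setup.py changing; a test asserting that the signed server cert carries the machine name as a SAN would keep this from regressing.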
-- 
2.26.2