author | Christian Heimes <christian@python.org> | 2016-09-06 21:27:06 (GMT) |
---|---|---|
committer | Christian Heimes <christian@python.org> | 2016-09-06 21:27:06 (GMT) |
commit | fe3c9c1ee9d59f0b1d174210132e71037fd7f2e8 (patch) | |
tree | 850214f33ff477feeac47de3990ae6c11dd7f37b /Lib/test/make_ssl_certs.py | |
parent | 87bf0febcb59a389eb62bcb467b7ec9c4974be49 (diff) | |
parent | 1c03abd0262f658fc420d3bef6118e49044b9d8b (diff) | |
Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs.
Diffstat (limited to 'Lib/test/make_ssl_certs.py')
-rw-r--r-- | Lib/test/make_ssl_certs.py | 49 |
1 files changed, 45 insertions, 4 deletions
diff --git a/Lib/test/make_ssl_certs.py b/Lib/test/make_ssl_certs.py
index e4326d7..4d9f01b 100644
--- a/Lib/test/make_ssl_certs.py
+++ b/Lib/test/make_ssl_certs.py
@@ -19,7 +19,28 @@ req_template = """
 CN = {hostname}
 [req_x509_extensions]
- subjectAltName = DNS:{hostname}
+ subjectAltName = @san
+
+ [san]
+ DNS.1 = {hostname}
+ {extra_san}
+
+ [dir_sect]
+ C = XY
+ L = Castle Anthrax
+ O = Python Software Foundation
+ CN = dirname example
+
+ [princ_name]
+ realm = EXP:0, GeneralString:KERBEROS.REALM
+ principal_name = EXP:1, SEQUENCE:principal_seq
+
+ [principal_seq]
+ name_type = EXP:0, INTEGER:1
+ name_string = EXP:1, SEQUENCE:principals
+
+ [principals]
+ princ1 = GeneralString:username
 [ ca ]
 default_ca = CA_default
@@ -66,7 +87,7 @@ req_template = """
 here = os.path.abspath(os.path.dirname(__file__))
-def make_cert_key(hostname, sign=False):
+def make_cert_key(hostname, sign=False, extra_san=''):
 print("creating cert for " + hostname)
 tempnames = []
 for i in range(3):
@@ -74,8 +95,9 @@ def make_cert_key(hostname, sign=False):
 tempnames.append(f.name)
 req_file, cert_file, key_file = tempnames
 try:
+ req = req_template.format(hostname=hostname, extra_san=extra_san)
 with open(req_file, 'w') as f:
- f.write(req_template.format(hostname=hostname))
+ f.write(req)
 args = ['req', '-new', '-days', '3650', '-nodes', '-newkey', 'rsa:1024', '-keyout', key_file, '-config', req_file]
@@ -119,7 +141,7 @@ def make_ca():
 f.write('unique_subject = no')
 with tempfile.NamedTemporaryFile("w") as t:
- t.write(req_template.format(hostname='our-ca-server'))
+ t.write(req_template.format(hostname='our-ca-server', extra_san=''))
 t.flush()
 with tempfile.NamedTemporaryFile() as f:
 args = ['req', '-new', '-days', '3650', '-extensions', 'v3_ca', '-nodes',
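Review bot: The helper sections added to `req_template` in the first hunk (`[dir_sect]`, `[princ_name]`, `[principal_seq]`, `[principals]`) are only reachable through names that the caller passes in `extra_san` (`dirName.1 = dir_sect` and `SEQUENCE:princ_name` in the last hunk), and nothing in the template says so. A one-line config comment above them would keep a later edit from renaming or dropping a section that the `allsans` certificate depends on, for example `# Sections below are referenced by name from the extra_san entries in __main__`. The template string starts and ends outside the hunk.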
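Review bot: `make_cert_key` gains an `extra_san` parameter in the second hunk without a docstring, and the third hunk pastes the value unmodified into the `[san]` section through `req_template.format(...)`. The contract is therefore implicit: the value has to be newline-separated OpenSSL `type.N = value` lines, and any section it names must already exist in the template. I would add a docstring such as `"""Create a key and certificate for hostname; extra_san is newline-separated subjectAltName entries appended verbatim to the [san] config section."""`. Separately, the unchanged context line `'-newkey', 'rsa:1024'` means the new fixture is also generated with a 1024-bit RSA key, which systems running OpenSSL at security level 2 or higher will refuse to load, so a larger key size may be worth a follow-up. The function body continues outside both hunks.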
@@ -170,6 +192,25 @@ if __name__ == '__main__':
 f.write(key)
 f.write(cert)
+ extra_san = [
+ 'otherName.1 = 1.2.3.4;UTF8:some other identifier',
+ 'otherName.2 = 1.3.6.1.5.2.2;SEQUENCE:princ_name',
+ 'email.1 = user@example.org',
+ 'DNS.2 = www.example.org',
+ # GEN_X400
+ 'dirName.1 = dir_sect',
+ # GEN_EDIPARTY
+ 'URI.1 = https://www.python.org/',
+ 'IP.1 = 127.0.0.1',
+ 'IP.2 = ::1',
+ 'RID.1 = 1.2.3.4.5',
+ ]
+
+ cert, key = make_cert_key('allsans', extra_san='\n'.join(extra_san))
+ with open('allsans.pem', 'w') as f:
+ f.write(key)
+ f.write(cert)
+
 unmake_ca()
 print("\n\nPlease change the values in test_ssl.py, test_parse_cert function related to notAfter,notBefore and serialNumber")
 check_call(['openssl','x509','-in','keycert.pem','-dates','-serial','-noout']) |
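Review bot: The bare `# GEN_X400` and `# GEN_EDIPARTY` comments in the `extra_san` list read like labels for the entries that follow them (`dirName.1`, `URI.1`), but they appear to mark two GeneralName types that get no entry at all, so the certificate named `allsans` does not carry every SAN type. If the reason is that the OpenSSL config syntax cannot express them (my assumption), say so in one place, e.g. `# GEN_X400 and GEN_EDIPARTY: not expressible in the config file, not covered by this fixture`; the parser branches for those two types then stay unexercised by this certificate. The reminder printed at the end of the hunk still mentions only `keycert.pem`, so any values the tests pin for `allsans.pem` (not visible here) would presumably also need refreshing after a regeneration. The `__main__` block starts outside the hunk.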