Support IP addresses in subjectAltName

Katello · May 15, 2024 · 76c96a1 · 76c96a1
1 parent 2210541
commit 76c96a1
Showing 1 changed file with 17 additions and 4 deletions.
diff --git a/katello_certs_tools/sslToolConfig.py b/katello_certs_tools/sslToolConfig.py
@@ -441,17 +441,30 @@ def figureDEFS_distinguishing(options):
 
 def gen_req_alt_names(d, hostname):
     """ generates the alt_names section of the *-openssl.cnf file """
-    i = 0
     result = ''
     dnsname = [hostname]
     if '--set-cname' in d and d['--set-cname']:
         dnsname.extend(d['--set-cname'])
-    for name in dnsname:
-        i += 1
-        result += "DNS.%d = %s\n" % (i, name)
+    for i, name in enumerate(dnsname):
+        if isIP(name):
+            result += "IP.%d = %s\n" % (i, name)
+        else:
+            result += "DNS.%d = %s\n" % (i, name)
     return result
 
 
+def isIP(name):
+    try:
+        socket.inet_pton(socket.AF_INET, name)
+        return True
+    except socket.error:
+        try:
+            socket.inet_pton(socket.AF_INET6, name)
+            return True
+        except socket.error:
+            return False
+
+
 def gen_req_distinguished_name(d):
     """ generates the req_distinguished section of the *-openssl.cnf file """