From 76c96a16d3fa3c851636e322b2e9dda4283f816a Mon Sep 17 00:00:00 2001
From: Ewoud Kohl van Wijngaarden
Date: Wed, 15 May 2024 17:40:48 +0200
Subject: [PATCH] Support IP addresses in subjectAltName
---
 katello_certs_tools/sslToolConfig.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/katello_certs_tools/sslToolConfig.py b/katello_certs_tools/sslToolConfig.py
index bb34fd5..9210b84 100644
--- a/katello_certs_tools/sslToolConfig.py
+++ b/katello_certs_tools/sslToolConfig.py
@@ -441,17 +441,30 @@ def figureDEFS_distinguishing(options):
 def gen_req_alt_names(d, hostname):
 """ generates the alt_names section of the *-openssl.cnf file """
- i = 0
 result = ''
 dnsname = [hostname]
 if '--set-cname' in d and d['--set-cname']:
 dnsname.extend(d['--set-cname'])
- for name in dnsname:
- i += 1
- result += "DNS.%d = %s\n" % (i, name)
+ for i, name in enumerate(dnsname):
+ if isIP(name):
+ result += "IP.%d = %s\n" % (i, name)
+ else:
+ result += "DNS.%d = %s\n" % (i, name)
 return result
+def isIP(name):
+ try:
+ socket.inet_pton(socket.AF_INET, name)
+ return True
+ except socket.error:
+ try:
+ socket.inet_pton(socket.AF_INET6, name)
+ return True
+ except socket.error:
+ return False
+
+
 def gen_req_distinguished_name(d):
 """ generates the req_distinguished section of the *-openssl.cnf file """
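Review bot: The rewritten loop in gen_req_alt_names now numbers entries from 0, because `enumerate(dnsname)` starts at zero while the removed code incremented `i` before its first use, so the generated alt_names section begins with `DNS.0` or `IP.0` instead of `DNS.1`. OpenSSL most likely treats the suffix only as a uniquifier, but the emitted *-openssl.cnf text changes for every existing caller; `for i, name in enumerate(dnsname, start=1):` keeps the previous numbering. The new isIP helper has no docstring; something like `"""Return True if name is a literal IPv4 or IPv6 address as accepted by socket.inet_pton."""` would record that anything else, including an empty or malformed `--set-cname` value, is still written out as a DNS entry without validation. The hunk adds no import, so isIP relies on `socket` already being imported at module level, which is not visible here.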