Fix subjectAltName for self-signed certificates #1128
In some cases the `subjectAltName` for self-signed SSL certificates was invalid due to `DNS:` being both prepended *and* appended to each domain when it should only be a prefix. This tweaks `regex_replace` to anchor at the start of the string only.

Before:
```
subjectAltName = DNS:example.testDNS:,DNS:www.example.testDNS:
```
After:
```
subjectAltName = DNS:example.test,DNS:www.example.test
```
@robrecord want to try this out?
```bash
ansible-playbook test.yml
```
`.cnf` should be generated under `test` directory.
How do you reproduce the extraneous This is my setup: tangrufus@07e3caf
Please ignore me. I can reproduce the issue using python 3 and this pull request fixes it.
Ah glad to know it was the Python version that mattered and thanks for testing 🎉 As long as this still works as it should in Python 2 as well...
This patch also works on python 2 + ansible v2.7 & v2.8 👏
I am just now upgrading an old trellis install with the DNS: problem, and after doing all the things, I can confirm your fix works for me. Python 3.7.6, Ansible v2.8.8 Things I did — not sure if all necessary:
Thanks @swalkinshaw & @tangrufus, somehow I didn't see this PR at the time.
Ref: #1117
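The behaviour discussed in this thread, as an added example that is not code from the pull request: Ansible's `regex_replace` filter is a wrapper around Python's `re.sub`, and since Python 3.7 `re.sub` also replaces an empty match that directly follows a non-empty one. The pre-fix pattern is not shown on this page, so `(.*)` below is an assumed, hypothetical pattern that reproduces the reported "Before" output; the validator is a check you could run over a generated `.cnf` line.

```python
import re

# Constructed sample hosts, taken from the Before/After lines in the PR description.
HOSTS = ["example.test", "www.example.test"]

# Assumption: hypothetical unanchored pattern (the real pre-fix pattern is not on
# this page). On Python >= 3.7 it matches the whole host AND the empty string at
# the end, so the replacement is emitted twice.
UNANCHORED = (r"(.*)", r"DNS:\1")
# Anchored at the start of the string only, as the PR describes.
ANCHORED = (r"^", "DNS:")


def build_san(hosts, rule):
    """Prefix each host as a map('regex_replace', ...) | join(',') chain would."""
    pattern, replacement = rule
    return ",".join(re.sub(pattern, replacement, host) for host in hosts)


# One valid entry: 'DNS:' followed by dot-separated hostname labels, nothing else.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_ENTRY = re.compile(r"DNS:%s(?:\.%s)*" % (_LABEL, _LABEL))


def invalid_san_entries(line):
    """Return the entries of a 'subjectAltName = ...' line that are malformed."""
    key, _, value = line.partition("=")
    if key.strip() != "subjectAltName":
        raise ValueError("not a subjectAltName line")
    entries = [entry.strip() for entry in value.split(",")]
    return [entry for entry in entries if not _ENTRY.fullmatch(entry)]


if __name__ == "__main__":
    for name, rule in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        line = "subjectAltName = " + build_san(HOSTS, rule)
        print(name, "->", line, "| invalid:", invalid_san_entries(line))
```

On Python 2 and on Python 3 before 3.7 the unanchored pattern does not double the prefix, which is consistent with the Python-version dependence reported above.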