Do not include xmpp-upload in certificates of "child" domains

Co-Authored-By: Alexandre Aubin <alex.aubin@mailoo.org>
pitchum 2020-04-22 10:34:40 +02:00 committed by GitHub
parent 22c88dc47e
commit c42f7172f7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -639,13 +639,15 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
# Set the domain
csr.get_subject().CN = domain
# Include xmpp-upload subdomain in subject alternate names
subdomain="xmpp-upload." + domain
try:
_dns_ip_match_public_ip(get_public_ip(), subdomain)
csr.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:" + subdomain)])
except YunohostError:
logger.warning(m18n.n('certmanager_warning_subdomain_dns_record', subdomain=subdomain, domain=domain))
from yunohost.domain import domain_list
# For "parent" domains, include xmpp-upload subdomain in subject alternate names
if domain in domain_list(exclude_subdomains=True)["domains"]:
subdomain="xmpp-upload." + domain
try:
_dns_ip_match_public_ip(get_public_ip(), subdomain)
csr.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:" + subdomain)])
except YunohostError:
logger.warning(m18n.n('certmanager_warning_subdomain_dns_record', subdomain=subdomain, domain=domain))
# Set the key
with open(key_file, 'rt') as f:
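Review bot: The return value of `_dns_ip_match_public_ip(get_public_ip(), subdomain)` is discarded inside the new `if domain in domain_list(exclude_subdomains=True)["domains"]:` branch, so the xmpp-upload SAN is skipped only when the call raises `YunohostError`. The helper's definition is not shown here, but if it returns False on an IP mismatch instead of raising, a subdomain that resolves to another host is still written into the CSR, and the CA's validation of that name can then fail the whole certificate request. Consider guarding the `csr.add_extensions(...)` call with `if _dns_ip_match_public_ip(get_public_ip(), subdomain):` and logging the same `certmanager_warning_subdomain_dns_record` warning in the `else`. The body of `_prepare_certificate_signing_request` starts and ends outside this hunk.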