URL: https://github.com/freeipa/freeipa/pull/947 Author: Rezney Title: #947: test_caless: add SAN dNSName extensions for wildcard tests Action: opened
PR body: """ It may happen that FQDN does not match with the domain mapped to the host. In this case we add wildcard for both domains. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/947/head:pr947 git checkout pr947
From 317ab4d5a57ed83e366ff54243d6bc01630e7c5f Mon Sep 17 00:00:00 2001 From: Michal Reznik <mrez...@redhat.com> Date: Fri, 28 Jul 2017 08:54:54 +0200 Subject: [PATCH] test_caless: add SAN dNSName extensions for wildcard tests It may happen that FQDN does not match with the domain mapped to the host. In this case we add wildcard for both domains. --- ipatests/test_integration/create_caless_pki.py | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/ipatests/test_integration/create_caless_pki.py b/ipatests/test_integration/create_caless_pki.py index ddad3f96bc..2eb5c8ee9a 100644 --- a/ipatests/test_integration/create_caless_pki.py +++ b/ipatests/test_integration/create_caless_pki.py @@ -162,7 +162,7 @@ def profile_ca(builder, ca_nick, ca): def profile_server(builder, ca_nick, ca, warp=datetime.timedelta(days=0), dns_name=None, - badusage=False): + badusage=False, wildcard=False): now = datetime.datetime.utcnow() + warp builder = builder.not_valid_before(now) @@ -204,6 +204,21 @@ def profile_server(builder, ca_nick, ca, critical=False ) + if wildcard: + server_domain = server1.split('.', 1)[1] + if domain != server_domain: + builder = builder.add_extension( + x509.SubjectAlternativeName([ + x509.DNSName(u'*.' + domain), + x509.DNSName(u'*.' + server_domain), + ]), + critical=False, + ) + else: + builder = builder.add_extension( + x509.SubjectAlternativeName([x509.DNSName(u'*.' + domain)]), + critical=False, + ) return builder @@ -488,7 +503,7 @@ def gen_subtree(nick_base, org, ca=None): x509.NameAttribute(NameOID.ORGANIZATION_NAME, org), x509.NameAttribute(NameOID.COMMON_NAME, u'*.' + domain) ]), - subca + subca, wildcard=True ) gen_server_certs(u'server', server1, org, subca) gen_server_certs(u'replica', server2, org, subca)
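Review bot: In the new `if wildcard:` block, `server1.split('.', 1)[1]` raises IndexError when `server1` contains no dot, and the two branches repeat the same `add_extension` call with only the name list differing. Building the name list first and calling `add_extension` once fixes both; `partition('.')[2]` returns an empty string for a dot-less name, which the guard then skips. profile_server also takes `dns_name`, and its handling is outside this hunk. If that path already adds a SubjectAlternativeName, combining `dns_name` with `wildcard=True` would presumably fail, since cryptography's builder rejects a second extension of the same type, so confirm the two are never passed together or merge the names into one extension. The function body starts before this hunk.

```python
    if wildcard:
        # Always cover the configured `domain`; add the DNS domain taken from
        # server1 only when it is non-empty and different.
        san_names = [u'*.' + domain]
        server_domain = server1.partition('.')[2]
        if server_domain and server_domain != domain:
            san_names.append(u'*.' + server_domain)
        builder = builder.add_extension(
            x509.SubjectAlternativeName(
                [x509.DNSName(name) for name in san_names]
            ),
            critical=False,
        )
    return builder
```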