diff options
Diffstat (limited to 'base/server/python/pki/server')
| -rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 9 | ||||
| -rw-r--r-- | base/server/python/pki/server/deployment/pkiparser.py | 3 |
2 files changed, 12 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 7f46c1f8b..884215e85 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -463,6 +463,11 @@ class ConfigurationFile: self.mdict['pki_skip_configuration']) self.standalone = config.str2bool(self.mdict['pki_standalone']) self.subordinate = config.str2bool(self.mdict['pki_subordinate']) + # server cert san injection support + self.san_inject = config.str2bool(self.mdict['pki_san_inject']) + if self.san_inject: + self.confirm_data_exists('pki_san_for_server_cert') + self.san_for_server_cert = self.mdict['pki_san_for_server_cert'] # set useful 'string' object variables for this class self.subsystem = self.mdict['pki_subsystem'] @@ -3637,6 +3642,7 @@ class ConfigClient: self.add_req_ext = config.str2bool( self.mdict['pki_req_ext_add']) self.security_domain_type = self.mdict['pki_security_domain_type'] + self.san_inject = config.str2bool(self.mdict['pki_san_inject']) def configure_pki_data(self, data): config.pki_log.info( @@ -4335,6 +4341,9 @@ class ConfigClient: cert.nickname = self.mdict["pki_%s_nickname" % tag] cert.subjectDN = self.mdict["pki_%s_subject_dn" % tag] cert.token = self.mdict["pki_%s_token" % tag] + if tag == 'ssl_server' and self.san_inject: + cert.san_for_server_cert = \ + self.mdict['pki_san_for_server_cert'] return cert def retrieve_existing_server_cert(self, cfg_file): diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index e37b0e4a5..e93f1717e 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -588,6 +588,9 @@ class PKIConfigParser: if not 'pki_subordinate' in self.mdict or\ not len(self.mdict['pki_subordinate']): self.mdict['pki_subordinate'] = "false" + if not 'pki_san_inject' in self.mdict or\ + not len(self.mdict['pki_san_inject']): + self.mdict['pki_san_inject'] = "false" # PKI Target (slot substitution) name/value pairs self.mdict['pki_target_cs_cfg'] = \ |