diff options
| author | Nick Lewis <nick@puppetlabs.com> | 2011-06-14 14:42:21 -0700 |
|---|---|---|
| committer | Nick Lewis <nick@puppetlabs.com> | 2011-06-14 16:56:17 -0700 |
| commit | 1d867b026dbfa38d44f042680acf708b42295882 (patch) | |
| tree | cf44506f1c3be2d40e631d3b52b4b4bdd2988a23 /lib/puppet | |
| parent | d1c965a2e1ddde3907ecf83303a832a6fd5c20e9 (diff) | |
| download | puppet-1d867b026dbfa38d44f042680acf708b42295882.tar.gz puppet-1d867b026dbfa38d44f042680acf708b42295882.tar.xz puppet-1d867b026dbfa38d44f042680acf708b42295882.zip | |
(#7224) Add a helper to Puppet::SSL::Certificate to retrieve alternate names
Alternate names, if present, are specified in the subjectAltName extension of
the certificate. The values are in the form:
"DNS:alternate_name1, DNS:alternate_name2"
This helper will retrieve the value of the subjectAltName extension and extract
the alternate names, returning and empty list if the extension is absent. This
will make it easier to access the entire list of possible names for a
certificate, rather than just the common name; this is helpful for generating
more detailed SSL error messages.
Paired-With: Jacob Helwig <jacob@puppetlabs.com>
Diffstat (limited to 'lib/puppet')
| -rw-r--r-- | lib/puppet/ssl/certificate.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/puppet/ssl/certificate.rb b/lib/puppet/ssl/certificate.rb index a0e600291..d57ac1a06 100644 --- a/lib/puppet/ssl/certificate.rb +++ b/lib/puppet/ssl/certificate.rb @@ -27,6 +27,12 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base [:s] end + def alternate_names + alts = content.extensions.find{|ext| ext.oid == "subjectAltName"} + return [] unless alts + alts.value.split(/,\s+/).map{|al| al.sub(/^DNS:/,'')} + end + def expiration return nil unless content content.not_after |