Commit 72d65119 authored by Joanne Hugé's avatar Joanne Hugé

Support networks whose prefix length is not a multiple of 4

parent c5f6154e
......@@ -7,8 +7,11 @@ if 're6st' not in sys.modules:
sys.path[0] = os.path.dirname(os.path.dirname(sys.path[0]))
from re6st import registry, utils, version
# To generate server ca and key with serial for 2001:db8:42::/48
# openssl req -nodes -new -x509 -key ca.key -set_serial 0x120010db80042 -days 3650 -out ca.crt
# Registry certifiate serial number has the following format:
# - First half byte is: '0', prefix length % 4, '1'
# - The rest of the bytes is the network prefix
# Ex: To generate server ca and key with serial for 2001:db8:42::/47
# openssl req -nodes -new -x509 -key ca.key -set_serial 0x720010db80042 -days 3650 -out ca.crt
IPV6_V6ONLY = 26
SOL_IPV6 = 41
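Review bot: The added serial-format comment is hard to follow: "certifiate" is misspelled, and "First half byte is: '0', prefix length % 4, '1'" does not say that these are bit fields of one hex digit, nor how many bits the middle field takes. Wording such as `# - first hex digit, as bits: 0, then (prefix length % 4) on 2 bits, then 1` and `# - remaining hex digits: the network prefix, padded to a multiple of 4 bits` would agree with the /47 example, where the leading `7` is `0111`. It would also help anyone generating a CA by hand to state that the padding bits are dropped when the prefix is read back, which is what the new networkFromCa in this commit appears to do.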
......
......@@ -8,7 +8,10 @@ def newHmacSecret():
return utils.newHmacSecret(int(time.time() * 1000000))
def networkFromCa(ca):
return bin(ca.get_serial_number())[3:]
serial = ca.get_serial_number()
first_byte = int(hex(serial)[2], 16)
prefix = bin(serial)[2 + first_byte.bit_length():]
return prefix[:len(prefix) - (4 - (first_byte - 1) / 2) % 4]
def subnetFromCert(cert):
return cert.get_subject().CN
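Review bot: networkFromCa never checks that the leading hex digit of the serial has the documented `0`, `prefix length % 4`, `1` layout, so a CA whose serial starts with an even digit or a digit above 7 silently yields a wrong network prefix instead of an error. A guard before the slicing, such as `if (first_byte & 9) != 1: raise ValueError("unexpected registry CA serial format")`, would reject those serials. The trim expression also depends on Python 2 integer division; writing `(first_byte - 1) // 2` keeps the slice bound an integer under true division as well. Since `first_byte` holds a half byte, a name like `first_digit` would describe it better.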
......