Commit b2ea5517 authored by Vincent Pelletier's avatar Vincent Pelletier

http: Do not use a common name as https subject.

Otherwise, verification against IP-only CA certificate will fail, as
common name is sometimes used to contain a domain name (which is
deprecated in favour of alternative names, but still checked).
parent 1a47410e
...@@ -284,7 +284,7 @@ def getSSLContext( ...@@ -284,7 +284,7 @@ def getSSLContext(
x509.CertificateSigningRequestBuilder( x509.CertificateSigningRequestBuilder(
subject_name=x509.Name([ subject_name=x509.Name([
x509.NameAttribute( x509.NameAttribute(
oid=x509.oid.NameOID.COMMON_NAME, oid=x509.oid.NameOID.ORGANIZATIONAL_UNIT_NAME,
value=hostname_dnsname, value=hostname_dnsname,
), ),
]), ]),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment