Commit 59e7da94 authored by Vincent Pelletier's avatar Vincent Pelletier Committed by Vincent Pelletier

http: Do not use chained add_extension syntax on a single statement.

For consistency with other places in caucase.
parent f15d0bad
...@@ -37,7 +37,7 @@ from .exceptions import ( ...@@ -37,7 +37,7 @@ from .exceptions import (
NotACertificateSigningRequest, NotACertificateSigningRequest,
) )
__all__ = ('CertificateAuthority', 'UserCertificateAuthority') __all__ = ('CertificateAuthority', 'UserCertificateAuthority', 'Extension')
_cryptography_backend = default_backend() _cryptography_backend = default_backend()
_AUTO_SIGNED_NO = 0 _AUTO_SIGNED_NO = 0
......
...@@ -41,7 +41,7 @@ import pem ...@@ -41,7 +41,7 @@ import pem
from . import exceptions from . import exceptions
from . import utils from . import utils
from .wsgi import Application from .wsgi import Application
from .ca import CertificateAuthority, UserCertificateAuthority from .ca import CertificateAuthority, UserCertificateAuthority, Extension
from .storage import SQLite3Storage from .storage import SQLite3Storage
from .http_wsgirequesthandler import WSGIRequestHandler from .http_wsgirequesthandler import WSGIRequestHandler
...@@ -226,33 +226,36 @@ def getSSLContext( ...@@ -226,33 +226,36 @@ def getSSLContext(
csr_id = cas.appendCertificateSigningRequest( csr_id = cas.appendCertificateSigningRequest(
csr_pem=utils.dump_certificate_request( csr_pem=utils.dump_certificate_request(
x509.CertificateSigningRequestBuilder( x509.CertificateSigningRequestBuilder(
).subject_name( subject_name=x509.Name([
x509.Name([
x509.NameAttribute( x509.NameAttribute(
oid=x509.oid.NameOID.COMMON_NAME, oid=x509.oid.NameOID.COMMON_NAME,
value=hostname.decode('ascii'), value=hostname.decode('ascii'),
), ),
]), ]),
).add_extension( extensions=[
x509.KeyUsage( Extension(
# pylint: disable=bad-whitespace x509.KeyUsage(
digital_signature =True, # pylint: disable=bad-whitespace
content_commitment=False, digital_signature =True,
key_encipherment =True, content_commitment=False,
data_encipherment =False, key_encipherment =True,
key_agreement =False, data_encipherment =False,
key_cert_sign =False, key_agreement =False,
crl_sign =False, key_cert_sign =False,
encipher_only =False, crl_sign =False,
decipher_only =False, encipher_only =False,
# pylint: enable=bad-whitespace decipher_only =False,
), # pylint: enable=bad-whitespace
critical=True, ),
).add_extension( critical=True,
x509.SubjectAlternativeName([ ),
x509.DNSName(hostname.decode('ascii')), Extension(
]), x509.SubjectAlternativeName([
critical=True, x509.DNSName(hostname.decode('ascii')),
]),
critical=True,
),
],
).sign( ).sign(
private_key=new_key, private_key=new_key,
algorithm=utils.DEFAULT_DIGEST_CLASS(), algorithm=utils.DEFAULT_DIGEST_CLASS(),
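Review bot: Passing `subject_name=` and `extensions=` directly to `x509.CertificateSigningRequestBuilder(...)` skips the checks that the `subject_name()` and `add_extension()` builder methods perform. As far as I know those methods reject a non-`Name` subject, a value that is not an extension type and a second extension with the same OID, and the keyword form is not part of the interface cryptography documents, so it may change between releases. With the literal two-item list here (KeyUsage and SubjectAlternativeName, both critical) nothing is lost today, but a later edit that adds a duplicate extension type would no longer be caught when the request is built. I would add a comment above `extensions=[` such as `# Constructor kwargs bypass add_extension() validation: keep at most one extension per type.` and confirm that the oldest supported cryptography release accepts these keywords. `Extension` is imported from `.ca` and its definition is not shown in this diff, and `getSSLContext` starts and ends outside the hunk.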
......