0x2620/peerlink
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

fix cert creation

Browse source
This commit is contained in:
j 2014-11-06 23:22:00 +01:00
parent ec5413beb7
commit 7eb77245c3
1 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
peerlink/tls.py
View file

@ -26,12 +26,12 @@ def create_certificate(tls_key_path, tls_cert_path, USER_ID):
ca.set_issuer(ca.get_subject()) ca.set_issuer(ca.get_subject())
ca.set_pubkey(key) ca.set_pubkey(key)
ca.add_extensions([ ca.add_extensions([
OpenSSL.crypto.X509Extension("basicConstraints", True, "CA:TRUE, pathlen:0"), OpenSSL.crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE, pathlen:0"),
OpenSSL.crypto.X509Extension("nsCertType", True, "sslCA"), OpenSSL.crypto.X509Extension(b"nsCertType", True, b"sslCA"),
OpenSSL.crypto.X509Extension("extendedKeyUsage", True, OpenSSL.crypto.X509Extension(b"extendedKeyUsage", True,
"serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC"), b"serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC"),
OpenSSL.crypto.X509Extension("keyUsage", False, "keyCertSign, cRLSign"), OpenSSL.crypto.X509Extension(b"keyUsage", False, b"keyCertSign, cRLSign"),
OpenSSL.crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=ca), OpenSSL.crypto.X509Extension(b"subjectKeyIdentifier", False, b"hash", subject=ca),
]) ])
ca.sign(key, "sha1") ca.sign(key, "sha1")
with open(tls_cert_path, 'wb') as fd: with open(tls_cert_path, 'wb') as fd: