valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 17:09:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix #36814

Browse Source
This commit is contained in:
Clint Armstrong 2016-10-10 16:54:33 -04:00
parent 86ac8bd680
commit dd50705e58
1 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
salt/modules/x509.py
View File

@ -1225,6 +1225,9 @@ def create_csr(path=None, text=False, **kwargs):
text: text:
If ``True``, return the PEM text without writing to a file. Default ``False``. If ``True``, return the PEM text without writing to a file. Default ``False``.
algorithm:
The hashing algorithm to be used for signing this request. Defaults to sha256.
kwargs: kwargs:
The subject, extension and version arguments from The subject, extension and version arguments from
:mod:`x509.create_certificate <salt.modules.x509.create_certificate>` can be used. :mod:`x509.create_certificate <salt.modules.x509.create_certificate>` can be used.
@ -1243,10 +1246,23 @@ def create_csr(path=None, text=False, **kwargs):
csr = M2Crypto.X509.Request() csr = M2Crypto.X509.Request()
subject = csr.get_subject() subject = csr.get_subject()
for prop, default in six.iteritems(CERT_DEFAULTS):
if prop not in kwargs:
kwargs[prop] = default
csr.set_version(kwargs['version'] - 1) csr.set_version(kwargs['version'] - 1)
if 'private_key' not in kwargs and 'public_key' in kwargs:
kwargs['private_key'] = kwargs['public_key']
log.warning("OpenSSL no longer allows working with non-signed CSRs. A private_key must be specified. Attempting to use public_key as private_key")
if 'private_key' not in kwargs not in kwargs:
raise salt.exceptions.SaltInvocationError('private_key is required')
if 'public_key' not in kwargs: if 'public_key' not in kwargs:
raise salt.exceptions.SaltInvocationError('public_key is required') kwargs['public_key'] = kwargs['private_key']
csr.set_pubkey(get_public_key(kwargs['public_key'], asObj=True)) csr.set_pubkey(get_public_key(kwargs['public_key'], asObj=True))
for entry, num in six.iteritems(subject.nid): # pylint: disable=unused-variable for entry, num in six.iteritems(subject.nid): # pylint: disable=unused-variable
@ -1255,7 +1271,7 @@ def create_csr(path=None, text=False, **kwargs):
extstack = M2Crypto.X509.X509_Extension_Stack() extstack = M2Crypto.X509.X509_Extension_Stack()
for extname, extlongname in six.iteritems(EXT_NAME_MAPPINGS): for extname, extlongname in six.iteritems(EXT_NAME_MAPPINGS):
if extname not in kwargs or extlongname not in kwargs: if extname not in kwargs and extlongname not in kwargs:
continue continue
extval = kwargs[extname] or kwargs[extlongname] extval = kwargs[extname] or kwargs[extlongname]
@ -1275,6 +1291,8 @@ def create_csr(path=None, text=False, **kwargs):
csr.add_extensions(extstack) csr.add_extensions(extstack)
csr.sign(_get_private_key_obj(kwargs['private_key']), kwargs['algorithm'])
if path: if path:
return write_pem(text=csr.as_pem(), path=path, return write_pem(text=csr.as_pem(), path=path,
pem_type='CERTIFICATE REQUEST') pem_type='CERTIFICATE REQUEST')