Merge pull request #10089 from jvanasco/fix-migrate_to_cryptography

switch `cert_and_chain_from_fullchain` to cryptography APIs
Will Greenberg 2024-12-17 14:37:02 -08:00 committed by GitHub
commit 2d1d1cd534
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 7 additions and 3 deletions


@ -139,6 +139,7 @@ Authors
* [John Reed](https://github.com/leerspace)
* [Jonas Berlin](https://github.com/xkr47)
* [Jonathan Herlin](https://github.com/Jonher937)
* [Jonathan Vanasco](https://github.com/jvanasco)
* [Jon Walsh](https://github.com/code-tree)
* [Joona Hoikkala](https://github.com/joohoi)
* [Josh McCullough](https://github.com/JoshMcCullough)


@ -594,10 +594,13 @@ def cert_and_chain_from_fullchain(fullchain_pem: str) -> Tuple[str, str]:
raise errors.Error("failed to parse fullchain into cert and chain: " +
"less than 2 certificates in chain")
# Second pass: for each certificate found, parse it using OpenSSL and re-encode it,
# Second pass: for each certificate found, parse it using cryptography and re-encode it,
# with the effect of normalizing any encoding variations (e.g. CRLF, whitespace).
certs_normalized = [crypto.dump_certificate(crypto.FILETYPE_PEM,
crypto.load_certificate(crypto.FILETYPE_PEM, cert)).decode() for cert in certs]
certs_normalized: List[str] = []
for cert_pem in certs:
cert = x509.load_pem_x509_certificate(cert_pem)
cert_pem = cert.public_bytes(Encoding.PEM)
certs_normalized.append(cert_pem.decode())
# Since each normalized cert has a newline suffix, no extra newlines are required.
return (certs_normalized[0], "".join(certs_normalized[1:]))
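Review bot: The new loop calls `x509.load_pem_x509_certificate(cert_pem)` with no handling for a block that has PEM boundaries but is not a parseable certificate; cryptography reports that as `ValueError`, while the length check just above raises `errors.Error`, so a caller that catches `errors.Error` for a bad fullchain would miss it. The old pyOpenSSL call also raised its own error type, so the gap is not new, but the exception type callers see has changed with this commit. Since the fullchain is presumably data received from the CA, I would wrap the load as `try: cert = x509.load_pem_x509_certificate(cert_pem)` / `except ValueError as e: raise errors.Error("failed to parse fullchain into cert and chain: invalid certificate") from e`. Separately, `cert_pem` is rebound inside the loop from the input block to the re-encoded bytes; a distinct name such as `normalized_pem` would read more clearly. The start of the function, including how `certs` is built, is outside the hunk, so this assumes each element is already bytes.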