From 9d1fccf53a64302c68805ad7190ef168366d5e41 Mon Sep 17 00:00:00 2001
From: jonathan vanasco
Date: Mon, 16 Dec 2024 15:24:38 -0500
Subject: [PATCH 1/3] switch `cert_and_chain_from_fullchain` to cryptography
---
 certbot/certbot/crypto_util.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/certbot/certbot/crypto_util.py b/certbot/certbot/crypto_util.py
index d5b5c7f30..9e6af1988 100644
--- a/certbot/certbot/crypto_util.py
+++ b/certbot/certbot/crypto_util.py
@@ -593,10 +593,13 @@ def cert_and_chain_from_fullchain(fullchain_pem: str) -> Tuple[str, str]:
 raise errors.Error("failed to parse fullchain into cert and chain: " +
 "less than 2 certificates in chain")
- # Second pass: for each certificate found, parse it using OpenSSL and re-encode it,
+ # Second pass: for each certificate found, parse it using cryptography and re-encode it,
 # with the effect of normalizing any encoding variations (e.g. CRLF, whitespace).
- certs_normalized = [crypto.dump_certificate(crypto.FILETYPE_PEM,
- crypto.load_certificate(crypto.FILETYPE_PEM, cert)).decode() for cert in certs]
+ certs_normalized: List[str] = []
+ for cert_pem in certs:
+ cert = x509.load_pem_x509_certificate(cert_pem)
+ cert_pem = cert.public_bytes(serialization.Encoding.PEM)
+ certs_normalized.append(cert_pem.decode())
 # Since each normalized cert has a newline suffix, no extra newlines are required.
 return (certs_normalized[0], "".join(certs_normalized[1:]))
From 1fa110c9d7131374f53c9af5b49e568b3930f044 Mon Sep 17 00:00:00 2001
From: jonathan vanasco
Date: Mon, 16 Dec 2024 15:30:42 -0500
Subject: [PATCH 2/3] added to authors
---
 AUTHORS.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/AUTHORS.md b/AUTHORS.md
index 78ed21215..130d68055 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
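Review bot: A certificate block that the first pass found but that does not decode now escapes as a bare `ValueError` from `x509.load_pem_x509_certificate(cert_pem)`, while the check at the top of this hunk reports parse failures as `errors.Error`. The pyOpenSSL call being replaced raised `OpenSSL.crypto.Error`, so any caller that catches either of those types would stop handling a malformed fullchain; the callers are outside this hunk, so that needs confirming. I would catch `ValueError` around the load and re-raise it as `errors.Error` with the existing message prefix, and carry the same wrapper into the loop as it appears in PATCH 3/3. The function body starts above the hunk, so whether the items of `certs` are `bytes`, which `load_pem_x509_certificate` requires, cannot be checked from here.

```python
for cert_pem in certs:
    try:
        cert = x509.load_pem_x509_certificate(cert_pem)
    except ValueError as e:
        raise errors.Error("failed to parse fullchain into cert and chain: "
                           "invalid certificate") from e
    # … unchanged: re-encode with public_bytes and append to certs_normalized …
```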
@@ -139,6 +139,7 @@ Authors
 * [John Reed](https://github.com/leerspace)
 * [Jonas Berlin](https://github.com/xkr47)
 * [Jonathan Herlin](https://github.com/Jonher937)
+* [Jonathan Vanasco](https://github.com/jvanasco)
 * [Jon Walsh](https://github.com/code-tree)
 * [Joona Hoikkala](https://github.com/joohoi)
 * [Josh McCullough](https://github.com/JoshMcCullough)
From 761c268934b10fc4e36a1d9edce952e59aa91cf3 Mon Sep 17 00:00:00 2001
From: jonathan vanasco
Date: Mon, 16 Dec 2024 15:42:33 -0500
Subject: [PATCH 3/3] missed import level in port
---
 certbot/certbot/crypto_util.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/certbot/certbot/crypto_util.py b/certbot/certbot/crypto_util.py
index 9e6af1988..9df0d22d6 100644
--- a/certbot/certbot/crypto_util.py
+++ b/certbot/certbot/crypto_util.py
@@ -598,7 +598,7 @@ def cert_and_chain_from_fullchain(fullchain_pem: str) -> Tuple[str, str]:
 certs_normalized: List[str] = []
 for cert_pem in certs:
 cert = x509.load_pem_x509_certificate(cert_pem)
- cert_pem = cert.public_bytes(serialization.Encoding.PEM)
+ cert_pem = cert.public_bytes(Encoding.PEM)
 certs_normalized.append(cert_pem.decode())
 # Since each normalized cert has a newline suffix, no extra newlines are required.
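Review bot: `cert_pem` is the loop variable holding the input block and is rebound on the changed line to the re-encoded output, so one name carries two different values within three lines. A separate name keeps the untrusted input and the normalized output distinct when reading or debugging: `normalized = cert.public_bytes(Encoding.PEM)` followed by `certs_normalized.append(normalized.decode())`. The import that provides `Encoding` is outside this hunk, and the enclosing function starts and ends outside it as well.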