switch cert_and_chain_from_fullchain to cryptography

jonathan vanasco 2024-12-16 15:24:38 -05:00
parent b16c64a05b
commit 9d1fccf53a


@ -593,10 +593,13 @@ def cert_and_chain_from_fullchain(fullchain_pem: str) -> Tuple[str, str]:
raise errors.Error("failed to parse fullchain into cert and chain: " +
"less than 2 certificates in chain")
# Second pass: for each certificate found, parse it using OpenSSL and re-encode it,
# Second pass: for each certificate found, parse it using cryptography and re-encode it,
# with the effect of normalizing any encoding variations (e.g. CRLF, whitespace).
certs_normalized = [crypto.dump_certificate(crypto.FILETYPE_PEM,
crypto.load_certificate(crypto.FILETYPE_PEM, cert)).decode() for cert in certs]
certs_normalized: List[str] = []
for cert_pem in certs:
cert = x509.load_pem_x509_certificate(cert_pem)
cert_pem = cert.public_bytes(serialization.Encoding.PEM)
certs_normalized.append(cert_pem.decode())
# Since each normalized cert has a newline suffix, no extra newlines are required.
return (certs_normalized[0], "".join(certs_normalized[1:]))
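Review bot: A certificate that fails to parse in the second pass now raises whatever `x509.load_pem_x509_certificate(cert_pem)` raises (a `ValueError` in cryptography), not the pyOpenSSL `crypto.Error` the removed lines produced. Neither is wrapped in `errors.Error` the way the "less than 2 certificates in chain" case just above is. The fullchain is typically data received from outside the process, so a caller that catches only `errors.Error` or the old pyOpenSSL exception would now see an unhandled exception on a malformed chain; the callers are outside this hunk, so confirm what they catch. I would wrap the load call with `try:` / `except ValueError as e:` / `raise errors.Error("failed to parse fullchain into cert and chain: " + str(e)) from e`. As a point of style, the loop rebinds its own variable `cert_pem` from the input PEM to the normalized PEM; appending `cert.public_bytes(serialization.Encoding.PEM).decode()` directly avoids the shadowing. The function body starts above the hunk, where `certs` is built, and `load_pem_x509_certificate` needs its elements to be bytes.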