From 9d1fccf53a64302c68805ad7190ef168366d5e41 Mon Sep 17 00:00:00 2001
From: jonathan vanasco
Date: Mon, 16 Dec 2024 15:24:38 -0500
Subject: [PATCH] switch `cert_and_chain_from_fullchain` to cryptography

---
 certbot/certbot/crypto_util.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/certbot/certbot/crypto_util.py b/certbot/certbot/crypto_util.py
index d5b5c7f30..9e6af1988 100644
--- a/certbot/certbot/crypto_util.py
+++ b/certbot/certbot/crypto_util.py
@@ -593,10 +593,13 @@ def cert_and_chain_from_fullchain(fullchain_pem: str) -> Tuple[str, str]:
 raise errors.Error("failed to parse fullchain into cert and chain: " +
 "less than 2 certificates in chain")

- # Second pass: for each certificate found, parse it using OpenSSL and re-encode it,
+ # Second pass: for each certificate found, parse it using cryptography and re-encode it,
 # with the effect of normalizing any encoding variations (e.g. CRLF, whitespace).
- certs_normalized = [crypto.dump_certificate(crypto.FILETYPE_PEM,
- crypto.load_certificate(crypto.FILETYPE_PEM, cert)).decode() for cert in certs]
+ certs_normalized: List[str] = []
+ for cert_pem in certs:
+ cert = x509.load_pem_x509_certificate(cert_pem)
+ cert_pem = cert.public_bytes(serialization.Encoding.PEM)
+ certs_normalized.append(cert_pem.decode())

 # Since each normalized cert has a newline suffix, no extra newlines are required.
 return (certs_normalized[0], "".join(certs_normalized[1:]))
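Review bot: The new `x509.load_pem_x509_certificate(cert_pem)` call in the loop raises `ValueError` on a certificate it cannot parse, where the removed `crypto.load_certificate` raised `OpenSSL.crypto.Error`, so the exception a caller sees for a malformed fullchain changes, and neither is the `errors.Error` this function raises a few lines earlier. The callers are outside this hunk, but if any of them handle only `errors.Error` or the old pyOpenSSL type, I would convert at the source: `try: cert = x509.load_pem_x509_certificate(cert_pem)` followed by `except ValueError as e: raise errors.Error("failed to parse fullchain into cert and chain: " + str(e)) from e`. The call also requires `bytes`; `certs` is built before the hunk begins, so confirm it holds bytes rather than `str`. Rebinding the loop variable `cert_pem` to the re-encoded output makes the input and the normalized form easy to confuse; a separate name such as `normalized_pem` would read more clearly.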