From 0f3ffaade0193e1fc330d51204c0b5748dec47c7 Mon Sep 17 00:00:00 2001
From: Marti Raudsepp <marti@juffo.org>
Date: Sat, 17 Dec 2016 02:27:25 +0200
Subject: [PATCH] Fall back to CN for CA name when organization is not
 available (#607)

In-house CAs may not have the organization field filled out.
---
 lemur/common/defaults.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lemur/common/defaults.py b/lemur/common/defaults.py
index 6f1aff67..97073a29 100644
--- a/lemur/common/defaults.py
+++ b/lemur/common/defaults.py
@@ -186,19 +186,23 @@ def bitstrength(cert):
 
 def issuer(cert):
     """
-    Gets a sane issuer from a given certificate.
+    Gets a sane issuer name from a given certificate.
 
     :param cert:
     :return: Issuer
     """
     delchars = ''.join(c for c in map(chr, range(256)) if not c.isalnum())
     try:
-        issuer = str(cert.issuer.get_attributes_for_oid(x509.OID_ORGANIZATION_NAME)[0].value)
+        # Try organization name or fall back to CN
+        issuer = (cert.issuer.get_attributes_for_oid(x509.OID_ORGANIZATION_NAME)
+                  or cert.issuer.get_attributes_for_oid(x509.OID_COMMON_NAME))
+        issuer = str(issuer[0].value)
         for c in delchars:
             issuer = issuer.replace(c, "")
         return issuer
     except Exception as e:
         current_app.logger.error("Unable to get issuer! {0}".format(e))
+        return "Unknown"
 
 
 def not_before(cert):