Fall back to CN for CA name when organization is not available (#607)

In-house CAs may not have the organization field filled out.
This commit is contained in:
Marti Raudsepp 2016-12-17 02:27:25 +02:00 committed by kevgliss
parent 156b98f7f0
commit 0f3ffaade0
1 changed files with 6 additions and 2 deletions

View File

@ -186,19 +186,23 @@ def bitstrength(cert):
def issuer(cert): def issuer(cert):
""" """
Gets a sane issuer from a given certificate. Gets a sane issuer name from a given certificate.
:param cert: :param cert:
:return: Issuer :return: Issuer
""" """
delchars = ''.join(c for c in map(chr, range(256)) if not c.isalnum()) delchars = ''.join(c for c in map(chr, range(256)) if not c.isalnum())
try: try:
issuer = str(cert.issuer.get_attributes_for_oid(x509.OID_ORGANIZATION_NAME)[0].value) # Try organization name or fall back to CN
issuer = (cert.issuer.get_attributes_for_oid(x509.OID_ORGANIZATION_NAME)
or cert.issuer.get_attributes_for_oid(x509.OID_COMMON_NAME))
issuer = str(issuer[0].value)
for c in delchars: for c in delchars:
issuer = issuer.replace(c, "") issuer = issuer.replace(c, "")
return issuer return issuer
except Exception as e: except Exception as e:
current_app.logger.error("Unable to get issuer! {0}".format(e)) current_app.logger.error("Unable to get issuer! {0}".format(e))
return "Unknown"
def not_before(cert): def not_before(cert):