certs already contain idna domain names

The idna_convert call here does nothing: when reading a certificate, it already contains idna domain names. Converting them to idna is equivalent to the identity function, and can thus be removed.
2021-05-30 15:47:15 +02:00 · 2021-05-30 15:47:15 +02:00 · e2f7b09b18
parent 93e28437ff
commit e2f7b09b18
2 changed files with 3 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -12,7 +12,7 @@ Requirements
 ------------

  * Python (2.7+ and 3.5+ should work)
-  * cryptography>=0.6 (usually includes the optional idna module)
+  * cryptography>=2.1 (older versions break idna handling)

 Optional requirements (to use specified features)
 ------------------------------------------------------
@ -121,4 +121,4 @@ Please keep the following in mind when using this software:
     * Create a dedicated user for acertmgr (e.g. acertmgr)
     * Run a acertmgr as that user (add acertmgr to that users cron!)
     * Access rights to read/write all files configured with the created user
-     * Run any programs/scripts defined on cert update as the created user (might need work-arounds with sudo or wrapper scripts)
+     * Run any programs/scripts defined on cert update as the created user (might need work-arounds with sudo or wrapper scripts)
--- a/acertmgr/tools.py
+++ b/acertmgr/tools.py
@ -243,8 +243,7 @@ def get_cert_domains(cert):
    if san_cert:
        for d in san_cert.value:
            domains.add(d.value)
-    # Convert IDNA domain to correct representation and return the list
-    return [x for x, _ in idna_convert(domains)]
+    return domains


 # @brief determine certificate cn