From e2f7b09b18b6c1306fae3c2c951f412324174229 Mon Sep 17 00:00:00 2001 From: David Klaftenegger Date: Sun, 30 May 2021 15:47:15 +0200 Subject: [PATCH] certs already contain idna domain names The idna_convert call here does nothing: when reading a certificate, it already contains idna domain names. Converting them to idna is equivalent to the identity function, and can thus be removed. --- README.md | 4 ++-- acertmgr/tools.py | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ac3a5bb..61b1ca1 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Requirements ------------ * Python (2.7+ and 3.5+ should work) - * cryptography>=0.6 (usually includes the optional idna module) + * cryptography>=2.1 (older versions break idna handling) Optional requirements (to use specified features) ------------------------------------------------------ @@ -121,4 +121,4 @@ Please keep the following in mind when using this software: * Create a dedicated user for acertmgr (e.g. acertmgr) * Run a acertmgr as that user (add acertmgr to that users cron!) * Access rights to read/write all files configured with the created user - * Run any programs/scripts defined on cert update as the created user (might need work-arounds with sudo or wrapper scripts) \ No newline at end of file + * Run any programs/scripts defined on cert update as the created user (might need work-arounds with sudo or wrapper scripts) diff --git a/acertmgr/tools.py b/acertmgr/tools.py index 356551b..213a893 100644 --- a/acertmgr/tools.py +++ b/acertmgr/tools.py @@ -243,8 +243,7 @@ def get_cert_domains(cert): if san_cert: for d in san_cert.value: domains.add(d.value) - # Convert IDNA domain to correct representation and return the list - return [x for x, _ in idna_convert(domains)] + return domains # @brief determine certificate cn