Commit 38f1b018 authored by Titouan Soulard's avatar Titouan Soulard

recipe/certificate_authority: use UTF-8 for CA certificate

The CertificateAuthority tool in ERP5 uses UTF8 encoding for certificates,
but by default OpenSSL does not. This cause an error when using non-ascii
characters:

```
The localityName field is different between CA certificate and the request
```

To solve the problem, the Certificate Authority recipe should use the same
encoding as ERP5, which requires adding `-utf8` option when invoking
OpenSSL.

For instance, creating a certificate with `localityName` Москва
will give the following with the default OpenSSL encoding:
`\C3\90\C2\9C\C3\90\C2\BE\C3\91\C2\81\C3\90\C2\BA\C3\90\C2\B2\C3\90\C2\B0`.

UTF8-encoding this same string gives `\D0\9C\D0\BE\D1\81\D0\BA\D0\B2\D0\B0`,
which is what ERP5 expects.
parent a45c5d89
Pipeline #33546 failed with stage
in 0 seconds
...@@ -45,10 +45,11 @@ class CertificateAuthority: ...@@ -45,10 +45,11 @@ class CertificateAuthority:
os.unlink(f) os.unlink(f)
try: try:
# no CA, let us create new one # no CA, let us create new one
popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config', popenCommunicate([self.openssl_binary, 'req', '-utf8', '-nodes',
self.openssl_configuration, '-new', '-x509', '-extensions', '-config', self.openssl_configuration, '-new', '-x509',
'v3_ca', '-keyout', self.key, '-out', self.certificate, '-extensions', 'v3_ca', '-keyout', self.key, '-out',
'-days', '10950'], 'Certificate Authority %s\n' % uuid.uuid1()) self.certificate, '-days', '10950'],
'Certificate Authority %s\n' % uuid.uuid1())
except: except:
try: try:
for f in file_list: for f in file_list:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment