Commit bd2f317

Truncate TLS common name to 64 characters (#318)
Fixes uncaught exception caused by changes in #317 https://warthogs.atlassian.net/browse/DPE-5411
1 parent f4cbbef commit bd2f317

2 files changed

+4
-12
lines changed

poetry.lock

Lines changed: 0 additions & 11 deletions

src/relations/tls.py

Lines changed: 4 additions & 1 deletion
@@ -116,9 +116,12 @@ def _generate_csr(self, key: bytes) -> bytes:
116116
extra_hosts, extra_ips = self._charm.get_all_k8s_node_hostnames_and_ips()
117117
return tls_certificates.generate_csr(
118118
private_key=key,
119-
subject=socket.getfqdn(),
119+
# X.509 CommonName has a limit of 64 characters
120+
# (https://github.com/pyca/cryptography/issues/10553)
121+
subject=socket.getfqdn()[:64],
120122
organization=self._charm.app.name,
121123
sans_dns=[
124+
socket.getfqdn(),
122125
unit_name,
123126
f"{unit_name}.{self._charm.app.name}-endpoints",
124127
f"{unit_name}.{self._charm.app.name}-endpoints.{self._charm.model_service_domain}",
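
Review bot: On the `subject=socket.getfqdn()[:64],` line, the slice can cut the FQDN in the middle of a label, so the CommonName may no longer be a name the unit actually answers to. That is only safe because the full name is now added to `sans_dns`, and the code comment should say so: the CN is a truncated label and clients must match against the SAN entries. `socket.getfqdn()` is also now called twice within this one call; resolve it once into a local variable and use that for both `subject` and `sans_dns` so the two values cannot disagree. If the FQDN can equal `unit_name` or one of the `-endpoints` names, de-duplicate the `sans_dns` list before passing it in.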
