Merge pull request #3345 from Embezzle/T6259

PKI: T6259: Support RFC822 names in certificate generation
vyos · Apr 24, 2024 · a63e934 · a63e934
2 parents 5b3f2b5 + a849d91
commit a63e934
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/python/vyos/pki.py b/python/vyos/pki.py
@@ -146,7 +146,7 @@ def create_certificate_request(subject, private_key, subject_alt_names=[]):
             if isinstance(obj, ipaddress.IPv4Address) or isinstance(obj, ipaddress.IPv6Address):
                 alt_names.append(x509.IPAddress(obj))
             elif isinstance(obj, str):
-                alt_names.append(x509.DNSName(obj))
+                alt_names.append(x509.RFC822Name(obj) if '@' in obj else x509.DNSName(obj))
         if alt_names:
             builder = builder.add_extension(x509.SubjectAlternativeName(alt_names), critical=False)
 

diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py
@@ -306,7 +306,7 @@ def parse_san_string(san_string):
             output.append(ipaddress.IPv4Address(value))
         elif tag == 'ipv6':
             output.append(ipaddress.IPv6Address(value))
-        elif tag == 'dns':
+        elif tag == 'dns' or tag == 'rfc822':
             output.append(value)
     return output
 
@@ -324,7 +324,7 @@ def generate_certificate_request(private_key=None, key_type=None, return_request
     subject_alt_names = None
 
     if ask_san and ask_yes_no('Do you want to configure Subject Alternative Names?'):
-        print("Enter alternative names in a comma separate list, example: ipv4:1.1.1.1,ipv6:fe80::1,dns:vyos.net")
+        print("Enter alternative names in a comma separate list, example: ipv4:1.1.1.1,ipv6:fe80::1,dns:vyos.net,rfc822:user@vyos.net")
         san_string = ask_input('Enter Subject Alternative Names:')
         subject_alt_names = parse_san_string(san_string)