Various small fixes and add support for subjectAltName to the SSL cert check

2015-02-12 14:00:26 -05:00 · 2015-02-12 14:00:26 -05:00 · 7a199f63eb
commit 7a199f63eb
parent f107b50a46
3 changed files with 24 additions and 6 deletions
--- a/static/js/controllers/setup.js
+++ b/static/js/controllers/setup.js
@ -123,7 +123,7 @@ function SetupCtrl($scope, $timeout, ApiService, Features, UserService, Containe

  $scope.showSuperuserPanel = function() {
    $('#setupModal').modal('hide');
-    var prefix = scope.hasSSL ? 'https' : 'http';
+    var prefix = $scope.hasSSL ? 'https' : 'http';
    var hostname = $scope.hostname;
    window.location = prefix + '://' + hostname + '/superuser';
  };
@ -198,9 +198,12 @@ function SetupCtrl($scope, $timeout, ApiService, Features, UserService, Containe
  };

  $scope.serializeDbUri = function(fields) {
-    if (!fields['server']) { return '' };
+    if (!fields['server']) { return ''; }

    try {
+      if (!fields['server']) { return ''; }
+      if (!fields['database']) { return ''; }
+
      var uri = URI();
      uri = uri && uri.host(fields['server']);
      uri = uri && uri.protocol(fields['kind']);
--- a/static/partials/setup.html
+++ b/static/partials/setup.html
@ -226,7 +226,8 @@
            Problem Detected
          </span>

-          <button type="submit" class="btn btn-primary" ng-disabled="!databaseUri"
+          <button type="submit" class="btn btn-primary"
+                  ng-disabled="!databaseUri"
                  ng-click="validateDatabase()">
            Validate Database Settings
          </button>
--- a/util/config/validator.py
+++ b/util/config/validator.py
@ -195,9 +195,23 @@ def _validate_ssl(config):
  if common_name is None:
    raise Exception('Missing CommonName (CN) from SSL certificate')

-  if not fnmatch(config['SERVER_HOSTNAME'], common_name):
-    raise Exception('CommonName (CN) "%s" in SSL cert does not match server hostname "%s"' %
-                    (common_name, config['SERVER_HOSTNAME']))
+  # Build the list of allowed host patterns.
+  hosts = set([common_name])
+
+  # Find the DNS extension, if any.
+  for i in range(0, cert.get_extension_count()):
+    ext = cert.get_extension(i)
+    if ext.get_short_name() == 'subjectAltName':
+      value = str(ext)
+      hosts.update([host.strip()[4:] for host in value.split(',')])
+
+  # Check each host.
+  for host in hosts:
+    if fnmatch(config['SERVER_HOSTNAME'], host):
+      return
+
+  raise Exception('Supported names "%s" in SSL cert do not match server hostname "%s"' %
+                  (', '.join(list(hosts)), config['SERVER_HOSTNAME']))