Skip to content

Commit 249527f

Browse files
davidismdavidism
authored
make cn field a valid single hostname, and use wildcard in SANs field. (#2892)
2 parents e633b30 + 793be47 commit 249527f

2 files changed

Lines changed: 6 additions & 2 deletions

File tree

CHANGES.rst

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ Version 3.0.3
66
Unreleased
77

88
- Make reloader more robust when ``""`` is in ``sys.path``. :pr:`2823`
9+
- Better TLS cert format with ``adhoc`` dev certs. :pr:`2891`
910

1011

1112
Version 3.0.2

src/werkzeug/serving.py

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -532,7 +532,10 @@ def generate_adhoc_ssl_pair(
532532
.not_valid_before(dt.now(timezone.utc))
533533
.not_valid_after(dt.now(timezone.utc) + timedelta(days=365))
534534
.add_extension(x509.ExtendedKeyUsage([x509.OID_SERVER_AUTH]), critical=False)
535-
.add_extension(x509.SubjectAlternativeName([x509.DNSName(cn)]), critical=False)
535+
.add_extension(
536+
x509.SubjectAlternativeName([x509.DNSName(cn), x509.DNSName(f"*.{cn}")]),
537+
critical=False,
538+
)
536539
.sign(pkey, hashes.SHA256(), backend)
537540
)
538541
return cert, pkey
@@ -560,7 +563,7 @@ def make_ssl_devcert(
560563
"""
561564

562565
if host is not None:
563-
cn = f"*.{host}/CN={host}"
566+
cn = host
564567
cert, pkey = generate_adhoc_ssl_pair(cn=cn)
565568

566569
from cryptography.hazmat.primitives import serialization

0 commit comments

Comments
 (0)