From 2c73e8f816c1965bc5092f4e7e7c57478293ade6 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Mon, 27 Feb 2012 15:36:19 +1300
Subject: Fix problems with SANs and certificate generation.

---
 libmproxy/resources/cert.cnf |  1 +
 libmproxy/utils.py           | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/libmproxy/resources/cert.cnf b/libmproxy/resources/cert.cnf
index 4f2525a9..4d95f646 100644
--- a/libmproxy/resources/cert.cnf
+++ b/libmproxy/resources/cert.cnf
@@ -27,6 +27,7 @@ nsCertType = server
 basicConstraints = CA:false
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 nsCertType = server
+%(altnames)s
 
 [ alt_names ]
 %(sans)s
diff --git a/libmproxy/utils.py b/libmproxy/utils.py
index 57a9e983..474f7844 100644
--- a/libmproxy/utils.py
+++ b/libmproxy/utils.py
@@ -300,7 +300,15 @@ def dummy_cert(certdir, ca, commonname, sans):
     ss = "\n".join(ss)
 
     f = open(confpath, "w")
-    f.write(template%(dict(commonname=commonname, sans=ss)))
+    f.write(
+        template%(
+            dict(
+                commonname=commonname,
+                sans=ss,
+                altnames="subjectAltName = @alt_names" if ss else ""
+            )
+        )
+    )
     f.close()
 
     if ca:
-- 
cgit v1.2.3