added warning capture && fixed cert issuer name

2020-04-29 08:05:25 +02:00 · 2020-04-29 08:05:25 +02:00 · 3d2423f0bf
commit 3d2423f0bf
parent 612d05a408
2 changed files with 15 additions and 15 deletions
--- a/server/src/uds/init.py
+++ b/server/src/uds/init.py
@ -48,9 +48,11 @@ logger = logging.getLogger(__name__)

 # Default ssl context is unverified, as MOST servers that we will connect will be with self signed certificates...
 try:
-    # noinspection PyProtectedMember
    _create_unverified_https_context = ssl._create_unverified_context
    ssl._create_default_https_context = _create_unverified_https_context
+
+    # Capture warnnins to logg
+    logging.captureWarnings(True)
 except AttributeError:
    # Legacy Python that doesn't verify HTTPS certificates by default
    pass
--- a/server/src/uds/core/util/certs.py
+++ b/server/src/uds/core/util/certs.py
@ -20,25 +20,23 @@ def selfSignedCert(ip: str) -> typing.Tuple[str, str, str]:
    # Create a random password for private key
    password = secrets.token_urlsafe(32)

-    name = x509.Name([
-        x509.NameAttribute(NameOID.COMMON_NAME, ip)
-    ])
-    alt_names: typing.List[x509.GeneralName] = [x509.IPAddress(ipaddress.ip_address(ip))]
-    san = x509.SubjectAlternativeName(alt_names)
+    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, 'UDS Server')])
+    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, ip)])
+    san = x509.SubjectAlternativeName([x509.IPAddress(ipaddress.ip_address(ip))])

    basic_contraints = x509.BasicConstraints(ca=True, path_length=0)
    now = datetime.utcnow()
    cert = (
        x509.CertificateBuilder()
-        .subject_name(name)
-        .issuer_name(name)
-        .public_key(key.public_key())
-        .serial_number(1000)
-        .not_valid_before(now)
-        .not_valid_after(now + timedelta(days=10*365))
-        .add_extension(basic_contraints, False)
-        .add_extension(san, False)
-        .sign(key, hashes.SHA256(), default_backend())
+            .subject_name(name)
+            .issuer_name(issuer)
+            .public_key(key.public_key())
+            .serial_number(random.SystemRandom().randint(0, 1<<64))
+            .not_valid_before(now)
+            .not_valid_after(now + timedelta(days=10*365))
+            .add_extension(basic_contraints, False)
+            .add_extension(san, False)
+            .sign(key, hashes.SHA256(), default_backend())
    )
    
    return (