Commit a2480a21 authored by ale's avatar ale

properly bundle the CA certificate within the PKCS12 file

parent d14b24b0
......@@ -136,15 +136,14 @@ Further info:
def to_pkcs12(crt_pem, key_pem, ca_pem):
"""Pack credentials into a PKCS12-format buffer."""
tmpdir = tempfile.mkdtemp()
bundle_pem = '\n'.join([ca_pem, crt_pem])
try:
for name, content in [
('crt.pem', crt_pem), ('key.pem', key_pem), ('ca.pem', ca_pem)]:
for name, content in [('bundle.pem', bundle_pem), ('key.pem', key_pem)]:
with open(os.path.join(tmpdir, name), 'w') as fd:
fd.write(content)
pipe = subprocess.Popen(
['openssl', 'pkcs12', '-export', '-password', 'pass:',
'-in', 'crt.pem', '-inkey', 'key.pem',
'-CAfile', 'ca.pem'],
'-in', 'bundle.pem', '-inkey', 'key.pem'],
cwd=tmpdir, stdout=subprocess.PIPE)
return pipe.communicate()[0]
finally:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment