From af619a0af7909e469b87d5fd565fe03bd531d26d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20K=C3=A1cha?= <ph@cesnet.cz>
Date: Thu, 1 Oct 2015 18:10:13 +0200
Subject: [PATCH] Server now correctly handles certs without subjAltName (thx
 to bodik)

---
 warden3/warden_server/warden_server.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/warden3/warden_server/warden_server.py b/warden3/warden_server/warden_server.py
index 19da3f8..debf784 100755
--- a/warden3/warden_server/warden_server.py
+++ b/warden3/warden_server/warden_server.py
@@ -316,8 +316,11 @@ class X509Authenticator(NoAuthenticator):
         subj = cert.get_subject()
         commons = [n.get_data().as_text() for n in subj.get_entries_by_nid(subj.nid["CN"])]
 
-        ext = cert.get_ext("subjectAltName")
-        extstrs = [val.strip() for val in ext.get_value().split(",")]
+        try:
+           extstrs = cert.get_ext("subjectAltName").get_value().split(",")
+        except LookupError:
+           extstrs = []
+        extstrs = [val.strip() for val in extstrs]
         altnames = [val[4:] for val in extstrs if val.startswith("DNS:")]
 
         # bit of mangling to get rid of duplicates and leave commonname first
-- 
GitLab