Certificates with no SAN result in 500

[amaccuish]

Traceback (most recent call last):
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 668, in get_form
return modelform_factory(self.model, **defaults)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/forms/models.py", line 549, in modelform_factory
return type(form)(class_name, (form,), form_class_attrs)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/forms/models.py", line 266, in new
raise FieldError(message)
django.core.exceptions.FieldError: Unknown field(s) (subjectAltName) specified for Certificate

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/core/handlers/exception.py", line 35, in inner
response = get_response(request)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/core/handlers/base.py", line 128, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/core/handlers/base.py", line 126, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 574, in wrapper
return self.admin_site.admin_view(view)(*args, **kwargs)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/utils/decorators.py", line 142, in _wrapped_view
response = view_func(request, *args, **kwargs)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
response = view_func(request, *args, **kwargs)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/sites.py", line 223, in inner
return view(request, *args, **kwargs)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 1556, in change_view
return self.changeform_view(request, object_id, form_url, extra_context)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/utils/decorators.py", line 62, in _wrapper
return bound_func(*args, **kwargs)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/utils/decorators.py", line 142, in _wrapped_view
response = view_func(request, *args, **kwargs)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/utils/decorators.py", line 58, in bound_func
return func.get(self, type(self))(*args2, **kwargs2)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 1450, in changeform_view
return self._changeform_view(request, object_id, form_url, extra_context)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 1479, in _changeform_view
ModelForm = self.get_form(request, obj)
File "/usr/local/share/ca/main/ca/django_ca/admin.py", line 317, in get_form
return super(CertificateAdmin, self).get_form(request, obj=obj, **kwargs)
File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 672, in get_form
% (e, self.class.name)
django.core.exceptions.FieldError: Unknown field(s) (subjectAltName) specified for Certificate. Check fields/fieldsets/exclude attributes of class CertificateAdmin.

[mathiasertl]

Hi, thanks for the report. This is when you want to add a new certificate? Can you share a CSR that causes the error, as well as your Python and Django versions!

[amaccuish]

The cert is successfully signed but then I can't view it, I get a server 500 in the admin interface.

Python: 3.5.2
Django-CA: 1.7.0-24-gcc8924f
cert.txt
csr.txt

[MonsieurCellophane]

I am running into a similar prb - only not with altnames, which are handled handsomely - but with SignedCertificateTimestamp objects (OID 1.3.6.1.4.1.11129.2.4.2) and CertificatePolicies. I patched it in models.py as per attachment (requirements.txt is also attached). Basically I am concatenating repr(foo) any time an handler for OID foo cannot be found. Ugly, but it keeps 500 errors at bay.

requirements.txt
unknownOID-patch.txt

[MonsieurCellophane]

Ok, so I ran into the very same problem (I imported letsencrypt's intermediate X3 cert). Getting around it required adding sukjectAltName to ignored fields and changing the return value of the corresponding method in X509MixIn (see attachment)

bugdiff.txt

[mathiasertl]

@MonsieurCellophane nice looking patch, can you create a pull request?