From 2ef36499c4159c99408b67eed6aab88db4481647 Mon Sep 17 00:00:00 2001
From: Miroslav Havrlent <miroslav.havrlent@hpe.com>
Date: Tue, 13 Jun 2017 23:59:39 +0200
Subject: [PATCH] added SAN extension

---
 CertTool.py       | 8 +++++++-
 ProxHTTPSProxy.py | 0
 ProxyTool.py      | 0
 3 files changed, 7 insertions(+), 1 deletion(-)
 mode change 100644 => 100755 CertTool.py
 mode change 100644 => 100755 ProxHTTPSProxy.py
 mode change 100644 => 100755 ProxyTool.py

diff --git a/CertTool.py b/CertTool.py
old mode 100644
new mode 100755
index 6920b86..e0ca228
--- a/CertTool.py
+++ b/CertTool.py
@@ -77,9 +77,15 @@ def dummy_cert(cafile, certfile, commonname):
         cert.gmtime_adj_notBefore(0)
         cert.gmtime_adj_notAfter(60 * 60 * 24 * 3652)
         cert.set_issuer(ca.get_subject())
-        cert.get_subject().CN = '*' + commonname if commonname.startswith('.') else commonname
+        if commonname.startswith('.'):
+          domain = '*' + commonname
+        else:
+          domain = commonname
+        cert.get_subject().CN = domain
         cert.set_serial_number(int(time.time()*10000))
         cert.set_pubkey(ca.get_pubkey())
+        cert.add_extensions(
+           [OpenSSL.crypto.X509Extension(b"subjectAltName", False, str.encode("DNS:"+domain))])
         cert.sign(key, "sha256")
         with open(certfile, 'wb') as fp:
             fp.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert))
diff --git a/ProxHTTPSProxy.py b/ProxHTTPSProxy.py
old mode 100644
new mode 100755
diff --git a/ProxyTool.py b/ProxyTool.py
old mode 100644
new mode 100755