Skip to content

Commit

Permalink
Fix bug where client cert is aliased to server
Browse files Browse the repository at this point in the history
  • Loading branch information
@lukebakken
lukebakken committed Apr 7, 2022
1 parent 7fcafe1 commit 8723bb0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion basic/profile.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ def alias_leaf_artifacts(opts):
print("Will copy certificate and key for {} to {}".format(server_name, paths.relative_path(*("result", "server_*.pem"))))

gen.alias_file("client", client_name)
gen.alias_file("server", client_name)
gen.alias_file("server", server_name)

print("Done! Find new copies under ./result!")

Expand Down

3 comments on commit 8723bb0

@lukebakken
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@michaelklishin this had me scratching my head for a while today! This is the error I saw client-side:

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unsupported certificate purpose (_ssl.c:997)

@michaelklishin
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duh, sorry

@michaelklishin
Copy link
Member

@michaelklishin michaelklishin commented on 8723bb0 Apr 8, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, "unsupported certificate purpose" means that a certificate has basic usage constraints that are unfit for whatever you try to do (e.g. use it as for server identity).

Please sign in to comment.