X-Git-Url: https://pwan.org/git/?a=blobdiff_plain;f=certmaster%2Fcerts.py;h=554822e702a2abde02b6c8383d55a18061657079;hb=1e64c312e159e604eb45a06036b5e2c9a0a149df;hp=3d8d9915e1c10206de1a1214cc7cc4ba37667b83;hpb=a419c0fb6d0456a058462ea31f76fbdbeac63d99;p=certmaster.git
diff --git a/certmaster/certs.py b/certmaster/certs.py
index 3d8d991..554822e 100644
--- a/certmaster/certs.py
+++ b/certmaster/certs.py
@@ -37,7 +37,7 @@ def make_keypair(dest=None):
 return pkey
-def make_csr(pkey, dest=None, cn=None):
+def make_csr(pkey, dest=None, cn=None, hostname=None):
 req = crypto.X509Req()
 req.get_subject()
 subj = req.get_subject()
@@ -48,8 +48,11 @@ def make_csr(pkey, dest=None, cn=None):
 subj.OU = def_ou
 if cn:
 subj.CN = cn
+ elif hostname:
+ subj.CN = hostname
 else:
- subj.CN = utils.get_hostname()
+ subj.CN = utils.gethostname()
+ subj.emailAddress = 'root@%s' % subj.CN
 req.set_pubkey(pkey)
@@ -137,3 +140,18 @@ def create_slave_certificate(csr, cakey, cacert, cadir, slave_cert_file=None):
 destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
 destfo.close()
 return cert
+
+def check_cert_key_match(cert, key):
+ if not isinstance(cert, crypto.X509Type):
+ cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
+ if not isinstance(key, crypto.PKeyType):
+ key = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
+
+ from OpenSSL import SSL
+ context = SSL.Context(SSL.SSLv3_METHOD)
+ try:
+ context.use_certificate(cert)
+ context.use_privatekey(key)
+ return True
+ except:
+ return False
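Review bot: make_csr has no docstring, and in the second hunk the subject CN now has three sources whose precedence (`cn`, then `hostname`, then `utils.gethostname()`) a caller can only learn by reading the branch. A one-line docstring such as `"""Build a CSR for pkey; CN is cn, else hostname, else utils.gethostname()."""` would state which identity ends up in the request the CA is asked to sign. The new `subj.emailAddress = 'root@%s' % subj.CN` line appears to apply to every branch, so a caller-supplied `cn` that is not a hostname ends up in the address too. The fallback was renamed from `utils.get_hostname()` to `utils.gethostname()`, and since that helper is not part of this diff it is worth confirming that utils defines it. make_csr's body starts and ends outside both hunks.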
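Review bot: In check_cert_key_match (third hunk) the bare `except:` reports every failure as `False`, including ones unrelated to a mismatched pair, while `SSL.Context(SSL.SSLv3_METHOD)` sits outside the `try` and will presumably raise instead on an OpenSSL build without SSLv3. No handshake happens here, so the context is only a container, and `SSL.SSLv23_METHOD` would remove the dependency on a retired protocol. I would also narrow the handler to `except SSL.Error:` and make the comparison explicit by calling `context.check_privatekey()` after `context.use_privatekey(key)`. PEM parse errors from the two `crypto.load_*` calls propagate to the caller rather than returning `False`, which a docstring on the function should state.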