From 5d05e3b8088f9e1f15b3c9e60fcef7e20493123d Mon Sep 17 00:00:00 2001 From: Alexander Schrode Date: Thu, 4 Jan 2024 11:58:14 +0100 Subject: [PATCH 1/2] crypto change subject alternate warnings to warning --- asyncua/crypto/uacrypto.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/asyncua/crypto/uacrypto.py b/asyncua/crypto/uacrypto.py index 04d825ac0..970d8eacc 100644 --- a/asyncua/crypto/uacrypto.py +++ b/asyncua/crypto/uacrypto.py @@ -341,14 +341,14 @@ def check_certificate(cert: x509.Certificate, application_uri: str, hostname: Op san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName) san_uri = san.value.get_values_for_type(x509.UniformResourceIdentifier) if application_uri not in san_uri: - _logger.error(f'certificate does not contain the application uri ({application_uri}). Most applications will reject a connection without it.') + _logger.warning(f'certificate does not contain the application uri ({application_uri}). Most applications will reject a connection without it.') err = True if hostname is not None: san_dns_names = san.value.get_values_for_type(x509.DNSName) if hostname not in san_dns_names: - _logger.error(f'certificate does not contain the hostname in DNSNames {hostname}. Some applications will check this.') + _logger.warning(f'certificate does not contain the hostname in DNSNames {hostname}. Some applications will check this.') err = True except x509.ExtensionNotFound: - _logger.error('certificate has no SubjectAlternativeName this is need for application verification!') + _logger.warning('certificate has no SubjectAlternativeName this is need for application verification!') err = True return err From c0b2efd0a33bba27614988baba11641caeab806c Mon Sep 17 00:00:00 2001 From: Alexander Schrode Date: Thu, 11 Jan 2024 22:01:13 +0100 Subject: [PATCH 2/2] remove f-string in logging --- asyncua/crypto/uacrypto.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/asyncua/crypto/uacrypto.py b/asyncua/crypto/uacrypto.py index 970d8eacc..a35f56c6f 100644 --- a/asyncua/crypto/uacrypto.py +++ b/asyncua/crypto/uacrypto.py @@ -332,21 +332,21 @@ def check_certificate(cert: x509.Certificate, application_uri: str, hostname: Op err = False now = datetime.utcnow() if cert.not_valid_after < now: - _logger.error(f'certificate is no longer valid: valid until {cert.not_valid_after}') + _logger.error('certificate is no longer valid: valid until %s', cert.not_valid_after) err = True if cert.not_valid_before > now: - _logger.error(f'certificate is not yet vaild: valid after {cert.not_valid_before}') + _logger.error('certificate is not yet vaild: valid after %s', cert.not_valid_before) err = True try: san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName) san_uri = san.value.get_values_for_type(x509.UniformResourceIdentifier) if application_uri not in san_uri: - _logger.warning(f'certificate does not contain the application uri ({application_uri}). Most applications will reject a connection without it.') + _logger.warning('certificate does not contain the application uri (%s). Most applications will reject a connection without it.', application_uri) err = True if hostname is not None: san_dns_names = san.value.get_values_for_type(x509.DNSName) if hostname not in san_dns_names: - _logger.warning(f'certificate does not contain the hostname in DNSNames {hostname}. Some applications will check this.') + _logger.warning('certificate does not contain the hostname in DNSNames %s. Some applications will check this.', hostname) err = True except x509.ExtensionNotFound: _logger.warning('certificate has no SubjectAlternativeName this is need for application verification!')