From bf78f3597910f36139270c833b9db13e99729c98 Mon Sep 17 00:00:00 2001
From: Yu Ming Zhu
Date: May 06 2021 18:19:37 +0000
Subject: koji-ssl-admin: support IPs for server certs
---
diff --git a/src/bin/koji-ssl-admin b/src/bin/koji-ssl-admin
index b828b1e..c76be1c 100755
--- a/src/bin/koji-ssl-admin
+++ b/src/bin/koji-ssl-admin
@@ -5,6 +5,7 @@ from datetime import datetime
 from dateutil.relativedelta import relativedelta
 import errno
 import fileinput
+import ipaddress
 import os
 import re
 import subprocess
@@ -109,8 +110,8 @@ def generate_server_csr(key, path, dnsnames, force=False):
 builder = builder.add_extension(
 x509.BasicConstraints(ca=False, path_length=None), critical=True,
 )
- # Add Subject Alternative Names for all our dnsnames:
- subject_alt_names = [x509.DNSName(dnsname) for dnsname in dnsnames]
+ # Add Subject Alternative Names for all our dnsnames/ips:
+ subject_alt_names = [to_subject_alt_name(dnsname) for dnsname in dnsnames]
 builder = builder.add_extension(
 x509.SubjectAlternativeName(subject_alt_names), critical=False,
 )
@@ -432,6 +433,11 @@ def build_cert_chain_file(crt_path, ca_cert_path, force):
 fin.close()
 print('wrote %s - use this in the HTTP server config' % chain_path)
+def to_subject_alt_name(addr):
+ try:
+ return x509.IPAddress(ipaddress.ip_address(addr))
+ except:
+ return x509.DNSName(addr)
 def parse_args():
 parser = argparse.ArgumentParser(description=DESCRIPTION,
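Review bot: The bare `except:` in the new `to_subject_alt_name` (third hunk) catches every exception, including `KeyboardInterrupt` and unrelated errors, when the only failure that should select the DNS branch is the `ValueError` that `ipaddress.ip_address()` raises for a string that is not an IP literal; narrow it to `except ValueError:`. The fallback is also silent, so a mistyped address (for instance one carrying a prefix length) would presumably be written into the CSR as a dNSName rather than an iPAddress entry, and clients that verify by IP would likely not match it. The helper has no docstring; something like `"""Return an x509.IPAddress for an IP literal, otherwise an x509.DNSName."""` would make that fallback explicit. In the second hunk the comprehension variable is still named `dnsname` although it can now hold an IP, so `name` or `addr` would read more accurately.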