diff --git a/hooks/lib/certificate/certificate.py b/hooks/lib/certificate/certificate.py index 8d7f1bf24..81d626c41 100644 --- a/hooks/lib/certificate/certificate.py +++ b/hooks/lib/certificate/certificate.py @@ -170,7 +170,8 @@ def with_hosts(self, *hosts: str): if not is_valid_hostname(h): continue alt_names.append(f"DNS:{h}") - self.add_extension("subjectAltName", False, ", ".join(alt_names)) + if len(alt_names) > 0: + self.add_extension("subjectAltName", False, ", ".join(alt_names)) return self def __sign(self, ca_subj: crypto.X509Name, ca_key: crypto.PKey) -> None: diff --git a/hooks/lib/hooks/internal_tls.py b/hooks/lib/hooks/internal_tls.py index e34f613ec..67ba975ce 100644 --- a/hooks/lib/hooks/internal_tls.py +++ b/hooks/lib/hooks/internal_tls.py @@ -306,7 +306,7 @@ def r(ctx: hook.Context): snaps[s["filterResult"]["name"]] = TLSSecretData( s["filterResult"]["data"]) ca_data = TLSSecretData() - if self.__with_common_ca: + if self.__with_common_ca(): tls_value_data = self.__sync_ca(self.ca_request, snaps.get(self.ca_request.ca_secret_name, TLSSecretData())) ca_data = convert_to_TLSSecretData(tls_value_data)