mirrors/redoctober
1
0
Fork 0
mirror of https://github.com/cloudflare/redoctober.git synced 2025-12-23 06:15:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
master
redoctober/testdata
History
Michael Wolf 2e296311bc Replace testdata cert with a certificate that includes a CN 
When attempting to build redoctober with a modern version of go
I was getting the following error in the tests:

x509: certificate relies on legacy Common Name field, use SANs

In looking at the existing test certificate, it is indeed
missing a SAN as it was probably generated as a oneliner with
the openssl CLI

```
   Issuer: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
   Validity
       Not Before: Oct 12 12:19:40 2016 GMT
       Not After : Sep 18 12:19:40 2116 GMT
   Subject: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
   Subject Public Key Info:
       Public Key Algorithm: rsaEncryption
           Public-Key: (2048 bit)
           Modulus:
              ...
           Exponent: 65537 (0x10001)
```

This remedies the issue by generating a new self-signed test
certificate which does include a SAN
```
$ cat cert.conf
[CA_default]
copy_extensions = copy

[req]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_ca

[req_distinguished_name]
C = US
ST = CA
L = Everywhere
O = Internet Widgits Pty Ltd
CN = localhost

[v3_ca]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names

[alternate_names]
DNS.1 = localhost
DNS.2 = *.localhost
DNS.3 = app.localhost

$ openssl req -x509 -newkey rsa:4096 -sha256 -utf8 -days 36500 -nodes -config cert.conf -keyout testdata/server.pem -out testdata/server.crt
...
$ cat testdata/server.crt | openssl x509 -noout -text
   Issuer: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
   Validity
       Not Before: Oct 26 22:33:24 2023 GMT
       Not After : Oct  2 22:33:24 2123 GMT
   Subject: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
   Subject Public Key Info:
       Public Key Algorithm: rsaEncryption
           Public-Key: (4096 bit)
           Modulus:
              ...
           Exponent: 65537 (0x10001)
   X509v3 extensions:
       X509v3 Basic Constraints:
           CA:FALSE
       X509v3 Key Usage:
           Digital Signature, Key Encipherment
       X509v3 Subject Alternative Name:
           DNS:localhost, DNS:*.localhost, DNS:app.localhost
       X509v3 Subject Key Identifier:
           1B:9B:11:0E:14:2E:D6:7D:57:4F:5D:29:CB:5B:16:01:80:34:9C:0A
```

This allows the tests to complete without running into that x509
exception or needing to set a flag in the build args to ignore it
2023-10-26 15:45:59 -07:00
..
ro-ssh-agent-demo.sh
RO SSH Agent Forwarding Works
2018-03-12 12:39:32 -07:00
server.crt
Replace testdata cert with a certificate that includes a CN
2023-10-26 15:45:59 -07:00
server.pem
Replace testdata cert with a certificate that includes a CN
2023-10-26 15:45:59 -07:00
ssh_key
Fixing rebase of andrewbuss/decrypt_sign
2018-03-12 12:39:32 -07:00
ssh_key.pub
Fixing rebase of andrewbuss/decrypt_sign
2018-03-12 12:39:32 -07:00