mirror of
https://github.com/cloudflare/redoctober.git
synced 2026-01-10 07:58:03 +00:00
2e296311bc
When attempting to build redoctober with a modern version of go
I was getting the following error in the tests:
x509: certificate relies on legacy Common Name field, use SANs
In looking at the existing test certificate, it is indeed
missing a SAN as it was probably generated as a oneliner with
the openssl CLI
```
Issuer: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
Validity
Not Before: Oct 12 12:19:40 2016 GMT
Not After : Sep 18 12:19:40 2116 GMT
Subject: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
...
Exponent: 65537 (0x10001)
```
This remedies the issue by generating a new self-signed test
certificate which does include a SAN
```
$ cat cert.conf
[CA_default]
copy_extensions = copy
[req]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
[req_distinguished_name]
C = US
ST = CA
L = Everywhere
O = Internet Widgits Pty Ltd
CN = localhost
[v3_ca]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
[alternate_names]
DNS.1 = localhost
DNS.2 = *.localhost
DNS.3 = app.localhost
$ openssl req -x509 -newkey rsa:4096 -sha256 -utf8 -days 36500 -nodes -config cert.conf -keyout testdata/server.pem -out testdata/server.crt
...
$ cat testdata/server.crt | openssl x509 -noout -text
Issuer: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
Validity
Not Before: Oct 26 22:33:24 2023 GMT
Not After : Oct 2 22:33:24 2123 GMT
Subject: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:localhost, DNS:*.localhost, DNS:app.localhost
X509v3 Subject Key Identifier:
1B:9B:11:0E:14:2E:D6:7D:57:4F:5D:29:CB:5B:16:01:80:34:9C:0A
```
This allows the tests to complete without running into that x509
exception or needing to set a flag in the build args to ignore it
53 lines
3.2 KiB
Plaintext
53 lines
3.2 KiB
Plaintext
-----BEGIN PRIVATE KEY-----
|
|
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDPBSlj25hzkL1m
|
|
Mf52xgFBZvb+v/WrFG8xKHBcBiHZLEAlnNEb13jCgaG/eTXTVx3WUOb5Qa5IWSf+
|
|
iDHUqchE+O4zBTZb7NzPv5v4fhoDskUN2ZJPMhSQODGHnaTWBn3A8TK5qDQ1HYzj
|
|
07CQNsKmaEsKX8eH4xsFc7m8QG7e9u0+fCGQpPV41bpxZ0jNhVrDgCKmIojauL7P
|
|
BLsS6CBpdOSYxusLvY2FRCUQP4tIJjzrbi35NPviRQoH8Xh+/3LSkwG3MNQ2ahJB
|
|
5dSJuErQZvbQ1qbLUHOFuz4dTvgxbgEigZdGDB3YP6FpAA0QnF0+wR973WnFpynK
|
|
jmMnAzIp7UTsEplF2SxIyJV+xblQb4atueuix2iGr5Kz9TVhCQ0JqWO0DL2ljkbc
|
|
o+d520De48ZR++29lp3OZAGHfTqDsxkOD4TU2Rc9GYX+DX9iNdzCbh10lfGm8TSm
|
|
H7Syjwvx6Z7ai5KY3GBBKm/1DxTB9ko+otgouq60jX4qGUuqcAM5WqVQri5OLkpS
|
|
7RyB9mN828dr03aj+tpKeHpU1/NqfiCEY7jvRuoUtFexdfZGeajK9H5RFX4nj1Mp
|
|
7v/lTaHPPKF9dCdAU50+EEozAecMTcx1CwJchiUHQdpX6YnKehAjtlKQciwq/p5j
|
|
wlaBT8CR9rDilo5OWh3qdsO4c+jrhwIDAQABAoICABn7OtuWdsaiNrL5uUbsyMGN
|
|
i5gjPVDQSrgvrBJQjrTz0cUmrjPBUh2PKV6fdrrkZxE7rBFCRf48ekF+lEptWH4X
|
|
g8WRdOYKjxffo1KHePpXyETZtnwL+/qxor2zcjmOLQAnBUe5rXuxDrqVGcavqLQ7
|
|
yJcvuBn8zapcgMX4jDGdad76sze1DD2zDSgoX0Gz59U7Yp3ZHbXdk8zlehkAWvkB
|
|
O6NU67DYhEdiawhkATX33pNpi4mINciLA5xFmOrPYni9DG0SSr/dhhcRIiB6qaEI
|
|
GxfQqLRBj44MFtqUy59gf/H1s6eN47z9F2PXJsyb4zP6BtqDyj+NIDiUsCr4QrY4
|
|
kO8utzZjJWDQYqppwytJbiYATdMdgqSuQT2T/r6GcX69SUACAGGi/br/GJvD+ksR
|
|
sxTSo1jROV4/QORnwyF7LKotKX0dZJT22HiT9qrpjTOW0uCOe8dR6Ocy496sTaFD
|
|
tGAdjocZCALSjDL7+HLMldfwJZTp2f5qbyETJMv78lQZ3yMGOcXKwn99jMBV0fDm
|
|
eOEaNCo8Yl2vxOxt13zg7RMwO3oiJHcBYn1klsAaDQCMeJjnA+4DcSQRZDRXYLid
|
|
19GYZJSk/OzriCJ0blXkM8DMbqT8MiMBPW906QF2ugsHYU0uF2XN7+nypTFoIivP
|
|
4bYUrqAjAU92uzByUsexAoIBAQDnW06ZmWayx0cncEVVL8fon2C+xfC83UzLN5qI
|
|
ChXXVU1Dfv07D74W8INQbTAiPw46lOCl/l0MJE4qLrfRujxjIWuPN867p/kCUE/B
|
|
epWcYJ4MA/YHpELsPc4Z6NkZa4Lt8hNY5hbBgv/W0uW9TGbuzaPBUH7/LUeLe06W
|
|
GFkz/XFfYUC/I6HExfJwYFBSv4V9sJ/nIl2bVddW2M6uM67u69/Aphr1bIKJbCc+
|
|
tcD0byh13WfxATiYdnbd4wY3Ly657n6iAdPyAXhMTChgcoXpbYjaJ7ndwoxvHi0w
|
|
pYBokGJjexpekY/hDBjyRA6qIP6JGLg+YI0nYbesef83mf/pAoIBAQDlEj2Wrhqm
|
|
Kx2mJDwSZfTSbe6ww8uldWbeyXjwyPxpdhailjVtGoJcnvaKvHaWDWRY8v2PkpSY
|
|
OdYcSClhwAubGP1MDZVSssOgRNtCLPwmsZwea47ik8z7NxzgcdHMJMnzMGjkeAMB
|
|
dpRhfpKBJA5OVmYYC0mDRCoLpJCuMAOeHh6AcNKbYpGg4PcBIbnamRTUZo0UeL1A
|
|
h5dTOX/aIn/xX8c87taCRnnNQCy3C5aVOE8Q4OwkfkVazGfKe4ecAGZaKVFLZvh8
|
|
k2ch7LyVap4HsVcxBumocXHJCqQ41KczmIm4y62/DS3LoQyD1+6TNfDM4bbMMHfZ
|
|
VNGmIcj/81nvAoIBAQC3aPBH3o/G/SpQfrXIUcfGh8sXki5GW55MoHkWjgBApHRL
|
|
JPo1/0XwQ52mfdkh3SE3mdz6W0uCm6mH0V+SmXTUFaOCd3ih1gkXJ3oC5V6ECShi
|
|
WCWMa1FOnbStX6X0fAHhBv8Fg+rYYDTYJntQ9afIeyft0hXL0Cae0hM79HOLPsnJ
|
|
Fn1QyjutlkubgQ9Mel6mhQZPIzRYN9YuGFTJT1nIOSA6RrSqiep2bVIzab1dSl4m
|
|
Cm8jZZdrbsbPIvJDf1kot4SWhKJ0gWvP+LQtubylkFtkrwevYVMZqC+lGB9TRdtq
|
|
CCagf/8zJvcD4KZLgzqmjv1JHhvo85O73T9R4fk5AoIBAQDLdEf/bON+cw0CY2x3
|
|
atbnj3xQw5Y8fum/NnKUae7GPHweLAuHu+PNH+MZlgo9e+eEmU1cF3SjP7tLo0wd
|
|
5dRpDOjsg6P8r4nQ71dOj2XleBqRajaeR2foOCsNrgoIpyQ3OufvBCinRArGDQVS
|
|
bhPGwDYtZNkGHaS6co+OJlcQOPAeZBaqrAFsQmMgPjQ0U4KMpAjqBdMRXVyqLoe/
|
|
1qSMXeU32Wnsi2vjQPx2F3THVBvlgeA7CWvQGXyV+uGXTUObENeDgRFyk/klyH42
|
|
t1tkub4XbWxaj2fgh/MUBsv6p6Cq4TyQU8Q49/GFqGPdnCsjzdXtxZ6tCQir5ZYA
|
|
vsNBAoIBAQCxB8GQQ2pBwB5A4lAtQ2MptYzdBmzcjDwzF1s8jkMFZWlYoLPY9ET9
|
|
7ft0aBMxd6Fxkl0C09CcIbVcrL89WR93hiVHaof7lVUyD4vFSMkRIWMB12TyWgeM
|
|
6o+arV4C6dUU8Ey3D+38mmmYgIhuJqMozJeLllBgqpeqm0czNFXX9p29+p83GkC2
|
|
N46vqmY/7Naln9eGONV+RTdpISon1V7wHwYgh5/Lp8nNnigDAgUpBPhfVn+SPEzl
|
|
kOoclspP6lqgFEfxPgsK19kS6E15WEPdmGumspUY9GpbSwpVlwx5nXd9+LcUWZif
|
|
dJDGUZJ48tEHpUS59CWUOmo7BrDhN0TR
|
|
-----END PRIVATE KEY-----
|