mirrors/redoctober
1
0
Fork 0
mirror of https://github.com/cloudflare/redoctober.git synced 2026-01-10 16:00:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
2e296311bce55cb8fca4ea2aa77c91dba6e885c6
redoctober/testdata/server.crt
Michael Wolf 2e296311bc Replace testdata cert with a certificate that includes a CN 
When attempting to build redoctober with a modern version of go
I was getting the following error in the tests:

x509: certificate relies on legacy Common Name field, use SANs

In looking at the existing test certificate, it is indeed
missing a SAN as it was probably generated as a oneliner with
the openssl CLI

```
   Issuer: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
   Validity
       Not Before: Oct 12 12:19:40 2016 GMT
       Not After : Sep 18 12:19:40 2116 GMT
   Subject: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
   Subject Public Key Info:
       Public Key Algorithm: rsaEncryption
           Public-Key: (2048 bit)
           Modulus:
              ...
           Exponent: 65537 (0x10001)
```

This remedies the issue by generating a new self-signed test
certificate which does include a SAN
```
$ cat cert.conf
[CA_default]
copy_extensions = copy

[req]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_ca

[req_distinguished_name]
C = US
ST = CA
L = Everywhere
O = Internet Widgits Pty Ltd
CN = localhost

[v3_ca]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names

[alternate_names]
DNS.1 = localhost
DNS.2 = *.localhost
DNS.3 = app.localhost

$ openssl req -x509 -newkey rsa:4096 -sha256 -utf8 -days 36500 -nodes -config cert.conf -keyout testdata/server.pem -out testdata/server.crt
...
$ cat testdata/server.crt | openssl x509 -noout -text
   Issuer: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
   Validity
       Not Before: Oct 26 22:33:24 2023 GMT
       Not After : Oct  2 22:33:24 2123 GMT
   Subject: C = US, ST = CA, L = Everywhere, O = Internet Widgits Pty Ltd, CN = localhost
   Subject Public Key Info:
       Public Key Algorithm: rsaEncryption
           Public-Key: (4096 bit)
           Modulus:
              ...
           Exponent: 65537 (0x10001)
   X509v3 extensions:
       X509v3 Basic Constraints:
           CA:FALSE
       X509v3 Key Usage:
           Digital Signature, Key Encipherment
       X509v3 Subject Alternative Name:
           DNS:localhost, DNS:*.localhost, DNS:app.localhost
       X509v3 Subject Key Identifier:
           1B:9B:11:0E:14:2E:D6:7D:57:4F:5D:29:CB:5B:16:01:80:34:9C:0A
```

This allows the tests to complete without running into that x509
exception or needing to set a flag in the build args to ignore it
2023-10-26 15:45:59 -07:00

34 lines
2.0 KiB
Plaintext
Raw Blame History

-----BEGIN CERTIFICATE-----
MIIFxzCCA6+gAwIBAgIUb5RgXYC0k9BJSzlY2tYwW+fOmKcwDQYJKoZIhvcNAQEL
BQAwZjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRMwEQYDVQQHDApFdmVyeXdo
ZXJlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMM
CWxvY2FsaG9zdDAgFw0yMzEwMjYyMjMzMjRaGA8yMTIzMTAwMjIyMzMyNFowZjEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRMwEQYDVQQHDApFdmVyeXdoZXJlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2Fs
aG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM8FKWPbmHOQvWYx
/nbGAUFm9v6/9asUbzEocFwGIdksQCWc0RvXeMKBob95NdNXHdZQ5vlBrkhZJ/6I
MdSpyET47jMFNlvs3M+/m/h+GgOyRQ3Zkk8yFJA4MYedpNYGfcDxMrmoNDUdjOPT
sJA2wqZoSwpfx4fjGwVzubxAbt727T58IZCk9XjVunFnSM2FWsOAIqYiiNq4vs8E
uxLoIGl05JjG6wu9jYVEJRA/i0gmPOtuLfk0++JFCgfxeH7/ctKTAbcw1DZqEkHl
1Im4StBm9tDWpstQc4W7Ph1O+DFuASKBl0YMHdg/oWkADRCcXT7BH3vdacWnKcqO
YycDMintROwSmUXZLEjIlX7FuVBvhq2566LHaIavkrP1NWEJDQmpY7QMvaWORtyj
53nbQN7jxlH77b2Wnc5kAYd9OoOzGQ4PhNTZFz0Zhf4Nf2I13MJuHXSV8abxNKYf
tLKPC/HpntqLkpjcYEEqb/UPFMH2Sj6i2Ci6rrSNfioZS6pwAzlapVCuLk4uSlLt
HIH2Y3zbx2vTdqP62kp4elTX82p+IIRjuO9G6hS0V7F19kZ5qMr0flEVfiePUynu
/+VNoc88oX10J0BTnT4QSjMB5wxNzHULAlyGJQdB2lfpicp6ECO2UpByLCr+nmPC
VoFPwJH2sOKWjk5aHep2w7hz6OuHAgMBAAGjazBpMAkGA1UdEwQCMAAwCwYDVR0P
BAQDAgWgMDAGA1UdEQQpMCeCCWxvY2FsaG9zdIILKi5sb2NhbGhvc3SCDWFwcC5s
b2NhbGhvc3QwHQYDVR0OBBYEFBubEQ4ULtZ9V09dKctbFgGANJwKMA0GCSqGSIb3
DQEBCwUAA4ICAQBKlrFB7Ci9/tmxIRQihXJE8JjlERB2xh4Vdr2I2KaHNSfdaYRu
eU8i7+K3v4DD4GFhOM9PTps68IVXPwV8YGef8xg84ACOgz8S3lb/OIlCfzr/yt3A
Tx35jMRdl3vZs2V8GqbEJncF3WKsYwMSxZU0HBikybhjrpDNvzErZqOUd/rsmcIP
exZ/OeEn5oGkX3yBN9f2MW4iS1V1YtfODkmKTCrS5SmVZ2cuJqIt/1W7/HAYno6y
5ZvgOb4J54pBmj4mcTItCp9Bi/D8R73jTbCK1Dq2BX2Wl34fbkKU6nrKlXTWfD1g
LHODze/erlZByfkwM+slSdH1XBN6PXfe8fZOd6ZPkWK7ZHv249ZBYFzqWjvJ/eNX
bmHD+VRAWHF05t3KneZX1aYvuz27zkCNzxbJIcOv1y/Ki4NcNzFFgy2RWuwDTz5S
HnjCbgefemOQ/u8ojs3/5W08pDNdjKQFzmiJ5Zud/a61UaPW7NCaYviPzzIe3HOL
RV7mBqwhIaTzDgAuIg08iQdc3PxtvvfswDcuON5agYgRotdxG468HHIkdf0rSVOh
2eYNFYKjsgd96Vb+BTJEqwG3CdNv/24V511lzBS0YMjz0vVTjBJ245QRwVFbkj4e
I6rGzt8LpB3FprhnRp+tsWWIjdBDkmYUGgdmQ2Ruh4+xgZpJavzY903rTA==
-----END CERTIFICATE-----
Reference in New Issue View Git Blame Copy Permalink