Skip to content

Commit

Permalink
Issue new certs with minica
Browse files Browse the repository at this point in the history
  • Loading branch information
@rustworthy
rustworthy committed Aug 13, 2024
1 parent e4fb46f commit 99c03a1
Show file tree
Hide file tree
Showing 5 changed files with 30 additions and 53 deletions.
11 changes: 11 additions & 0 deletions docker/certs/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
## Important

The certificate has been produced with [`minica`](https://github.com/jsha/minica):

```sh
./minica -domains 'localhost'
```

The lib's version used was `1.1.0` and the default algorithm at the time of issuance was `ecdsa`.

The certificate was issued on `August 13, 2024` and will be valid for `2 years and 30 days` (which is a limitation [imposed](https://github.com/jsha/minica/blob/c5ce70c9b524953b13628607abafd7a557c6f074/main.go#L277-L281) by certain platforms).
29 changes: 10 additions & 19 deletions docker/certs/faktory.local.crt
View file
Original file line number Diff line number Diff line change
@@ -1,21 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIDazCCAlMCFAxQwXkfT4M84/fevISct//qQskRMA0GCSqGSIb3DQEBCwUAMHEx
CzAJBgNVBAYTAlVaMREwDwYDVQQIDAhUYXNoa2VudDERMA8GA1UEBwwIVGFzaGtl
bnQxEzARBgNVBAoMCmZha3RvcnktcnMxEzARBgNVBAsMCmZha3RvcnktcnMxEjAQ
BgNVBAMMCWxvY2FsaG9zdDAgFw0yNDAyMDMyMDI1MDlaGA8zMDA0MDQwNjIwMjUw
OVowcTELMAkGA1UEBhMCVVoxETAPBgNVBAgMCFRhc2hrZW50MREwDwYDVQQHDAhU
YXNoa2VudDETMBEGA1UECgwKZmFrdG9yeS1yczETMBEGA1UECwwKZmFrdG9yeS1y
czESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA4ektheqTRy+eHn9j22AxGHqtg/elEiZC0UCLX51ysEkhnLLvFlVFtzd7
q+nx1PNiHdH5i/TjdAYrXAZhKU/k2YfrgCyOjm/XxSw7ujXPP+cWOmdRYTexT9o7
Yrg3ZYMniJbbTl8j37dieXHaO7FHAvpww1q/nbQkwD/1WqK1ggQY/OZ38wpUvsws
9LA7shuXdGnjAXunnRGEzZ2EG6T5hYw0PFL+2CHwr0lqNbCur8wu99t4ED9/vfLG
0TWRQwSnApyjHy89rn5Ze3vOiNzcBW778oZxwvzriEmbQQg6RxKE19AlaiV4+n5S
woAi8Ji69BKRUSlxRhW6eX4ABV2eOwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDS
EXuIvVx27LyWlIhfY6vwSWqeUoRXmMFpiBNTTvvHQKlJzLlDyn1b+CqHvMdE9RZh
FI5shZkiqtRRTUGVHB4o0ntwCQmWyV/5FQQ6EYs/bHXUcN2vt1XuU7WK4fRafPPu
snYDgg0TmpGvm+J8W64TfJogWqpPsnT4pOF+aNqW88TTs1JUnNFDBQmw2QKBK+AH
+V4zhpCjVXpKtVMTnDWHQfJh4whelD18lU1jPCbzQrRs2hQWQvtzKWi0YCYc1IXl
4E6eIOHRuiUl/mE3p3f2CGJIwxgrMuxN07ncnwVXBPCaVzSLWJHy0G61mFKH5R/7
42EC7S/POk5GtzkMJ5Du
MIIB3DCCAWOgAwIBAgIIH7dYNg66/2UwCgYIKoZIzj0EAwMwIDEeMBwGA1UEAxMV
bWluaWNhIHJvb3QgY2EgMDI1MWZmMB4XDTI0MDgxMzA1NTQyOFoXDTI2MDkxMjA1
NTQyOFowFDESMBAGA1UEAxMJbG9jYWxob3N0MHYwEAYHKoZIzj0CAQYFK4EEACID
YgAENZuBDDayhB5EzmRfErEoIbfE5IjWChNzjO4CLTrECemPqcJbjzsk8MBwB5cb
bHGMeg1nqkqof0ZkgrM4sWZsWNI1H/LODKdXBIqMpbU12iEs7S3eo5RaGlq9CtE6
dYyAo3YwdDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUdieiiQwm+V0FBPIukYU/
udp7ScwwFAYDVR0RBA0wC4IJbG9jYWxob3N0MAoGCCqGSM49BAMDA2cAMGQCMGL7
ge3qiN2B0P0bQvf9DNCblvuC7rx6NcZraYpAj9HgO9iUTqyMVxB04uWiOOjE9wIw
D0ciU7opj7CqwaoC3EQbLleMoEuK8LLdHj/JfMxO2I9AlAxzT4ksIg/VSErlUEcv
-----END CERTIFICATE-----
30 changes: 4 additions & 26 deletions docker/certs/faktory.local.key
View file
Original file line number Diff line number Diff line change
@@ -1,28 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDh6S2F6pNHL54e
f2PbYDEYeq2D96USJkLRQItfnXKwSSGcsu8WVUW3N3ur6fHU82Id0fmL9ON0Bitc
BmEpT+TZh+uALI6Ob9fFLDu6Nc8/5xY6Z1FhN7FP2jtiuDdlgyeIlttOXyPft2J5
cdo7sUcC+nDDWr+dtCTAP/VaorWCBBj85nfzClS+zCz0sDuyG5d0aeMBe6edEYTN
nYQbpPmFjDQ8Uv7YIfCvSWo1sK6vzC7323gQP3+98sbRNZFDBKcCnKMfLz2ufll7
e86I3NwFbvvyhnHC/OuISZtBCDpHEoTX0CVqJXj6flLCgCLwmLr0EpFRKXFGFbp5
fgAFXZ47AgMBAAECggEAJjyV4G86O1fDbw0HxUdMOAT3nnkJfv9r2sgObwISueS+
5CtjDUgkkyS4cXoY3P7O0hZKoxYxc19h8mMACgKETQ9U3G5uOIyUnEJm35cg+4Ns
/ziijQ5knAvndkeQ1MU0qUlDWEoBI+oBqGWNVwIj70ydTmtrOFGX0NRiflNA3n7q
pJbdRZzKnTxXxRwIRuGA1y6SlBLQ740hVOm56iLtRJ+P0kNErSL8Uhws/X9/0MXH
W8r2JVikNumBZH18MK+wBGulwZBcLurFfv31hbeQ/FnckOJ1OE53rnV+tBrZN7Ap
6eR4IMcVPfunnGX+meEUnJfmC0HrdQXucDB8Ey/biQKBgQDygP0JeUKpSWX2uSfV
2c8N0opmC2uHswOhf+H9TOyA4DO5NmlbOqVv+uUwRQvIkoen8XNMCPOyoK7WZNAB
hfyU+ck3HDIBqHbGBisUXDNLgIQIhWVznYK0QC+YYr+rEmFun0sMriuhZsU1q2mW
VoAPSTJhaufRb0TKib9Tarzg4wKBgQDue8jk0tbK5xL9dcyn1CxHtDAbfyQfQnSd
G+GcQDDCamgbKI042A5lPSToYEOpSMTOn/n5CmezsSMFnwuwZAgQ1Pbd3YeknBCi
6jWzqYcC11u3EeX9YPJgEDZq0uSWNZg0phDBsu+PYq7vDAriCsMeQrLMvQb0Fs3n
Pp4vVzSEyQKBgQCb+h1G/6jBzAT6WYNmyE6mPFpqYkQKpzjZorCPxO+FwS9jnLzN
Qf5w9TZ/Apoeqyj3+5RGPqfIqBNssLEdmbmpdLRYbxk2+c1Td1o0IU2Y7ZN/C5YC
dDhCidpTMIjJluv2RBz4jfpgOQL1j0g9u2to6ZKvGBz9F41unITkOY49MwKBgEzk
1qqJHL6BcQsOT3WRoNFh1N0YyoHVwJnjooPp4o7dFkIjeh1o9INKCrtuRoKvtt1U
kZnt8+/pXnxygqdWKY+byxlQU2sM8wREdho+wAx3edf2Smy/NIcq0xDwfMm98ByR
qvd5hWp7DCKBhITLqYv5P4NqM3LCY5N7CjADcyiZAoGBALXXR5WSHLjtzaN4Eeti
pWur1VN30HiM2zRTXwTxx6X7y/FI5xzoCVAJb6tSpC/aXzFx05Xa/LyhDXI2sbhm
G3a4tjBRrief5z8XQ7gdBSiyRtLc1XFy3kmeN2HTPMWSIrbk56xyEOqbXov5S+41
hWwNT3lodEZ2ymFWEZHHAvhb
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCs4MYYR22MIL1rZitb
nZF25hbh9M1aI4uPdn+Vqzphuk+tjEMAmYbAZcSCCGGoUzKhZANiAAQ1m4EMNrKE
HkTOZF8SsSght8TkiNYKE3OM7gItOsQJ6Y+pwluPOyTwwHAHlxtscYx6DWeqSqh/
RmSCszixZmxY0jUf8s4Mp1cEioyltTXaISztLd6jlFoaWr0K0Tp1jIA=
-----END PRIVATE KEY-----
11 changes: 4 additions & 7 deletions src/tls/rustls.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -194,14 +194,11 @@ impl ServerCertVerifier for NoCertVerification {

fn verify_tls13_signature(
&self,
_message: &[u8],
_cert: &CertificateDer<'_>,
_dss: &DigitallySignedStruct,
message: &[u8],
cert: &CertificateDer<'_>,
dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, RustlsError> {
// TODO: figure out what's wring with the test cert
// IO(Custom { kind: ConnectionAborted, error: Custom { kind: InvalidData, error: InvalidCertificate(Other(OtherError(UnsupportedCertVersion))) } })
// self.0.verify_tls13_signature(message, cert, dss)
Ok(HandshakeSignatureValid::assertion())
self.0.verify_tls13_signature(message, cert, dss)
}

fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
Expand Down
2 changes: 1 addition & 1 deletion tests/tls/rustls.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ async fn roundtrip_tls() {

let tls = || async {
let verifier = fixtures::TestServerCertVerifier::new(
SignatureScheme::RSA_PSS_SHA512,
SignatureScheme::ECDSA_NISTP384_SHA384,
env::current_dir()
.unwrap()
.join("docker")
Expand Down

0 comments on commit 99c03a1

Please sign in to comment.