Skip to content

Commit

Permalink
Add Subject Alternative Name to local openssl cert
Browse files Browse the repository at this point in the history 
Go 1.15 deprecates checking CN; this broke gating tests:

   Get "https://localhost:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

Easy two-line solution in the 'openssl' invocation. Huge
thanks to Nalin for tracking down and fixing while I was
still getting started:

   containers/buildah#2595

Copied from 0f2892a5b021de3b1cf273f5679fda8298b57c02 in buildah

Signed-off-by: Ed Santiago <[email protected]>
  • Loading branch information
@edsantiago
edsantiago committed Oct 1, 2020
1 parent 6dabefa commit f977388
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion systemtest/helpers.bash
View file
Original file line number Diff line number Diff line change
Expand Up @@ -331,7 +331,8 @@ start_registry() {
log_and_run openssl req -newkey rsa:4096 -nodes -sha256 \
-keyout $AUTHDIR/domain.key -x509 -days 2 \
-out $CERT \
-subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost"
-subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
-addext subjectAltName=DNS:localhost
fi

reg_args+=(
Expand Down

0 comments on commit f977388

Please sign in to comment.