From 56850f3f71819a2b26301633ca24e73e706c4d63 Mon Sep 17 00:00:00 2001
From: Val Lorentz
Date: Sat, 9 Sep 2023 20:36:07 +0200
Subject: [PATCH] Fix certs so peering succeeds

---
 gen_conf.sh | 13 +++++++++++--
 src/jable/db.clj | 4 ++--
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/gen_conf.sh b/gen_conf.sh
index 27de6a5..bfbd3cd 100755
--- a/gen_conf.sh
+++ b/gen_conf.sh
@@ -9,6 +9,9 @@ new_certs_dir = resources/useless_openssl_data/
 database = resources/useless_openssl_data/db
 policy = policy_anything
 serial = resources/useless_openssl_data/serial
+copy_extensions = copy
+email_in_dn = no
+rand_serial = no
 
 [ policy_anything ]
 countryName = optional
@@ -18,13 +21,18 @@ organizationName = optional
 organizationalUnitName = optional
 commonName = supplied
 emailAddress = optional
+
+[ usr_cert ]
+subjectAltName=subject:copy
 EOF
 
+rm -f resources/useless_openssl_data/db
 touch resources/useless_openssl_data/db
 echo 01 > resources/useless_openssl_data/serial
 
 # Generate CA
 openssl req -x509 -nodes -newkey rsa:2048 -batch \
+ -subj "/CN=Test CA" \
 -outform PEM -out resources/config/ca_cert.pem \
 -keyout resources/ca_cert.key
 
@@ -32,8 +40,9 @@ for server in $*; do
 openssl genrsa -traditional \
 -out resources/config/server_$server.key \
 2048
- openssl req -nodes -batch \
- -in resources/config/server_$server.key \
+ openssl req -nodes -batch -new \
+ -addext "subjectAltName = DNS:$server" \
+ -key resources/config/server_$server.key \
 -outform PEM -out resources/server_$server.req
 openssl ca -config resources/openssl.cnf -days 3650 -md sha512 -batch \
 -subj /CN=$server \
diff --git a/src/jable/db.clj b/src/jable/db.clj
index 6fb603b..ad603c1 100644
--- a/src/jable/db.clj
+++ b/src/jable/db.clj
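Review bot: The `[ usr_cert ]` section added to the generated openssl.cnf in the second hunk is not referenced by anything visible here, and `subjectAltName=subject:copy` is not a documented subjectAltName form (the documented copy form is `email:copy`). If an `x509_extensions = usr_cert` line exists outside the hunk, `copy_extensions = copy` gives a config-defined extension precedence over the request's, so this section would either fail to parse or replace the `DNS:$server` SAN the CSR now carries; if it is not referenced, it is dead config, and since the CSR already carries the SAN and `copy_extensions = copy` copies it, I would drop the two `[ usr_cert ]` lines. Next to `copy_extensions = copy` add `# copies CSR extensions (incl. SAN) into the issued cert; only acceptable because the CSRs are generated by this same script`, since copying extensions from untrusted requests is what the openssl-ca manual warns about. Separately, `$server` comes from the unquoted `$*` loop header outside the hunk and is spliced unvalidated into `-addext`, where a value containing a comma would introduce further SAN entries; both the heredoc and the for loop start outside this hunk.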
@@ -26,12 +26,12 @@ (defn fingerprint [node] - (slurp (str "resources/server_" node ".pem.sha1"))) + (str/trim (slurp (str "resources/server_" node ".pem.sha1")))) (defn network_conf [nodes] { - :fanout 1 + :fanout 2 :ca_file "/usr/local/etc/sable/ca_cert.pem" :peers (map (fn [node] {:name node