Merge lp:~axwalk/juju-core/cert-server-auth into lp:~go-bot/juju-core/trunk
Proposed by
Andrew Wilkins
Status: | Merged |
---|---|
Approved by: | Andrew Wilkins |
Approved revision: | no longer in the source branch. |
Merged at revision: | 2349 |
Proposed branch: | lp:~axwalk/juju-core/cert-server-auth |
Merge into: | lp:~go-bot/juju-core/trunk |
Diff against target: |
33 lines (+3/-2) 2 files modified
cert/cert.go (+2/-2) cert/cert_test.go (+1/-0) |
To merge this branch: | bzr merge lp:~axwalk/juju-core/cert-server-auth |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Juju Engineering | Pending | ||
Review via email: mp+207613@code.launchpad.net |
Commit message
cert: add serverAuth extKeyUsage to server certs
GnuTLS is particular about the key usage, which
prevents rsyslog from serving TLS unless the
correct ones are set.
This enables a fix for lp:1281071
Description of the change
cert: add serverAuth extKeyUsage to server certs
GnuTLS is particular about the key usage, which
prevents rsyslog from serving TLS unless the
correct ones are set.
This enables a fix for lp:1281071
Reviewers: mp+207613_ code.launchpad. net,
Message:
Please take a look.
Description:
cert: add serverAuth extKeyUsage to server certs
GnuTLS is particular about the key usage, which
prevents rsyslog from serving TLS unless the
correct ones are set.
This enables a fix for lp:1281071
https://code.launchpad.net/~axwalk/juju-core/cert-server-auth/+merge/207613
(do not edit description out of merge proposal)
Please review this at https://codereview.appspot.com/66930043/
Affected files (+5, -2 lines):
A [revision details]
M cert/cert.go
M cert/cert_test.go
Index: [revision details] 20140220160904- 67ajnt8y3n3jd73 c
=== added file '[revision details]'
--- [revision details] 2012-01-01 00:00:00 +0000
+++ [revision details] 2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision: tarmac-
+New revision: <email address hidden>
Index: cert/cert.go
=== modified file 'cert/cert.go'
--- cert/cert.go 2014-02-03 14:31:54 +0000
+++ cert/cert.go 2014-02-21 10:13:05 +0000
@@ -119,7 +119,7 @@
// NewServer generates a certificate/key pair suitable for use by a server. caCertPEM, caKeyPEM []byte, expiry time.Time, hostnames ExtKeyUsage{ x509.ExtKeyUsag eServerAuth} )
func NewServer(
[]string) (certPEM, keyPEM []byte, err error) {
- return newLeaf(caCertPEM, caKeyPEM, expiry, hostnames, nil)
+ return newLeaf(caCertPEM, caKeyPEM, expiry, hostnames,
[]x509.
}
// NewClient generates a certificate/key pair suitable for client
authentication.
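Review bot: The doc comment on `NewServer` still says only "suitable for use by a server", although the new call now passes `[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}` instead of `nil`. A peer that enforces extended key usage will therefore accept this certificate for server authentication only. If any component also presents the server certificate as a TLS client, it would start failing verification; that is not visible from this hunk and should be checked. I would extend the comment with a line such as `// The certificate carries only the serverAuth extended key usage and is not valid for client authentication.`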
@@ -164,7 +164,7 @@
NotAfter: expiry.UTC(),
SubjectKeyId: bigIntHash(key.N), taEncipherment, yEncipherment | gitalSignature | x509.KeyUsageKe yAgreement,
- KeyUsage: x509.KeyUsageDa
+ KeyUsage: x509.KeyUsageKe
x509.KeyUsageDi
ExtKeyUsage: extKeyUsage,
}
for _, hostname := range hostnames {
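Review bot: The new `KeyUsage` value is set on the same template that takes `ExtKeyUsage: extKeyUsage`, which looks like the shared leaf helper (the enclosing function starts outside the hunk). The widened bits therefore presumably apply to certificates from `NewClient` as well as `NewServer`, while the commit message describes only server certs. `x509.KeyUsageKeyAgreement` deserves a justification: `SubjectKeyId: bigIntHash(key.N)` suggests an RSA key, where key agreement is not normally exercised, and asserting only the usages actually needed keeps the certificate narrower. If GnuTLS is satisfied without it, `KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,` would be enough; otherwise a short comment naming which peer requires each bit would help the next reader.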
Index: cert/cert_test.go srvCert. NotAfter. Equal(expiry) , gc.Equals, true) srvCert. BasicConstraint sValid, gc.Equals, false) srvCert. IsCA, gc.Equals, false) srvCert. ExtKeyUsage, gc.DeepEquals, ExtKeyUsage{ x509.ExtKeyUsag eServerAuth} )
=== modified file 'cert/cert_test.go'
--- cert/cert_test.go 2013-09-24 05:42:43 +0000
+++ cert/cert_test.go 2014-02-21 10:13:05 +0000
@@ -86,6 +86,7 @@
c.Assert(
c.Assert(
c.Assert(
+ c.Assert(
[]x509.
checkTLSConn ection( c, caCert, srvCert, srvKey)
}
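Review bot: The added assertion pins `srvCert.ExtKeyUsage`, but nothing in this hunk checks the `KeyUsage` bits that the same change alters in cert/cert.go. A later regression there would surface only as a TLS interoperability failure rather than a unit-test failure. Adding `c.Assert(srvCert.KeyUsage, gc.Equals, x509.KeyUsageKeyEncipherment|x509.KeyUsageDigitalSignature|x509.KeyUsageKeyAgreement)` next to it would cover that. The test function begins outside the hunk, so an existing check elsewhere cannot be ruled out.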