luxolus
/
open-nomad
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-nomad/helper/tlsutil/testdata
History
Michael Schurter 401ed92847 config: accept CA PEM files with extra whitespace 
Previously we did a validation pass over CA PEM files before calling
Go's CertPool.AppendCertsFromPEM to provide more detailed error messages
than the stdlib provides.

Unfortunately our validation was overly strict and rejected valid CA
files. This is actually the reason the stdlib PEM parser doesn't return
meaningful errors: PEM files are extremely permissive and it's difficult
to tell the difference between invalid data and valid metadata.

This PR removes our custom validation as it would reject valid data and
the extra error messages were not useful in diagnosing the error
encountered.
 		2018-09-06 11:38:56 -07:00
..
README.md client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00
ca-bad-csr.json Fix tlsutil tests 2016-11-10 12:18:13 -08:00
ca-bad-key.pem Fix tlsutil tests 2016-11-10 12:18:13 -08:00
ca-bad.csr Fix tlsutil tests 2016-11-10 12:18:13 -08:00
ca-bad.pem Fix tlsutil tests 2016-11-10 12:18:13 -08:00
ca-config.json Fix tlsutil tests 2016-11-10 12:18:13 -08:00
ca-csr.json Fix tlsutil tests 2016-11-10 12:18:13 -08:00
ca-key.pem Fix tlsutil tests 2016-11-10 12:18:13 -08:00
ca-whitespace.pem config: accept CA PEM files with extra whitespace 2018-09-06 11:38:56 -07:00
ca.csr Fix tlsutil tests 2016-11-10 12:18:13 -08:00
ca.pem Fix tlsutil tests 2016-11-10 12:18:13 -08:00
global-ca.pem client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00
global-client-key.pem client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00
global-client.pem client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00
global-server-key.pem client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00
global-server.pem client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00
nomad-bad-csr.json Fix tlsutil tests 2016-11-10 12:18:13 -08:00
nomad-bad-key.pem Fix tlsutil tests 2016-11-10 12:18:13 -08:00
nomad-bad.csr Fix tlsutil tests 2016-11-10 12:18:13 -08:00
nomad-bad.pem Fix tlsutil tests 2016-11-10 12:18:13 -08:00
nomad-foo-csr.json Fix tlsutil tests 2016-11-10 12:18:13 -08:00
nomad-foo-key.pem Fix tlsutil tests 2016-11-10 12:18:13 -08:00
nomad-foo.csr Fix tlsutil tests 2016-11-10 12:18:13 -08:00
nomad-foo.pem Fix tlsutil tests 2016-11-10 12:18:13 -08:00

README.md

Nomad Test Certificate

Using cfssl 1.2.0

File Description
ca.pem CA certificate
ca-key.pem CA Key
nomad-foo.pem Nomad cert for foo region
nomad-foo-key.pem Nomad key for foo region
ca-bad.pem CA cert for bad region
ca-key-bad.pem CA key for bad region
nomad-bad.pem Nomad cert for bad region
nomad-bad-key.pem Nomad key for bad region
global-*.pem For global region

Generating self-signed certs

# Write defaults and update
cfssl print-defaults csr > ca-csr.json
cfssl print-defaults config > ca-config.json

# Generate CA certificate and key
cfssl gencert -config ca-config.json -initca ca-csr.json | cfssljson -bare ca -

# Generate Nomad certificate and key
cfssl gencert -ca ca.pem -ca-key ca-key.pem -config ca-config.json nomad-foo-csr.json | cfssljson -bare nomad-foo

# Generate bad region CA and certificate
cfssl gencert -config ca-config.json -initca ca-bad-csr.json | cfssljson -bare ca-bad -
cfssl gencert -ca ca-bad.pem -ca-key ca-bad-key.pem -config ca-config.json nomad-bad-csr.json | cfssljson -bare nomad-bad