derp: set Basic Constraints on metacert
See https://github.com/golang/go/issues/51759#issuecomment-1071147836

Once we deploy this, tailscaled should work again for macOS users with Go 1.18.

Updates golang/go#51759

Change-Id: I869b6ddc556a2de885e96ccf9f335dfc8f6f6a7e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

committed by
Brad Fitzpatrick

parent
eaf5591953
commit
18818763d1
@@ -453,6 +453,9 @@ func (s *Server) initMetacert() {
|
|||||||
// Windows requires NotAfter and NotBefore set:
|
// Windows requires NotAfter and NotBefore set:
|
||||||
NotAfter: time.Now().Add(30 * 24 * time.Hour),
|
NotAfter: time.Now().Add(30 * 24 * time.Hour),
|
||||||
NotBefore: time.Now().Add(-30 * 24 * time.Hour),
|
NotBefore: time.Now().Add(-30 * 24 * time.Hour),
|
||||||
|
// Per https://github.com/golang/go/issues/51759#issuecomment-1071147836,
|
||||||
|
// macOS requires BasicConstraints when subject == issuer:
|
||||||
|
BasicConstraintsValid: true,
|
||||||
}
|
}
|
||||||
cert, err := x509.CreateCertificate(crand.Reader, tmpl, tmpl, pub, priv)
|
cert, err := x509.CreateCertificate(crand.Reader, tmpl, tmpl, pub, priv)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
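Review bot: The added `BasicConstraintsValid: true` at the end of the template in initMetacert relies on `IsCA` keeping its zero value so that the extension encodes CA:FALSE, and the new comment does not say so. The template literal begins above the hunk, so this assumes `IsCA` is not set there. Because the certificate is self-signed (`tmpl` is passed as both template and parent to `x509.CreateCertificate`), I would state the intent with one more comment line, e.g. `// IsCA stays false: the extension must encode CA:FALSE so the metacert is never accepted as an issuer.`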
@@ -9,6 +9,7 @@ import (
|
|||||||
"bytes"
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
|
"encoding/asn1"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"expvar"
|
"expvar"
|
||||||
@@ -790,6 +791,17 @@ func TestMetaCert(t *testing.T) {
|
|||||||
if g, w := cert.Subject.CommonName, fmt.Sprintf("derpkey%s", pub.UntypedHexString()); g != w {
|
if g, w := cert.Subject.CommonName, fmt.Sprintf("derpkey%s", pub.UntypedHexString()); g != w {
|
||||||
t.Errorf("CommonName = %q; want %q", g, w)
|
t.Errorf("CommonName = %q; want %q", g, w)
|
||||||
}
|
}
|
||||||
|
if n := len(cert.Extensions); n != 1 {
|
||||||
|
t.Fatalf("got %d extensions; want 1", n)
|
||||||
|
}
|
||||||
|
|
||||||
|
// oidExtensionBasicConstraints is the Basic Constraints ID copied
|
||||||
|
// from the x509 package.
|
||||||
|
oidExtensionBasicConstraints := asn1.ObjectIdentifier{2, 5, 29, 19}
|
||||||
|
|
||||||
|
if id := cert.Extensions[0].Id; !id.Equal(oidExtensionBasicConstraints) {
|
||||||
|
t.Errorf("extension ID = %v; want %v", id, oidExtensionBasicConstraints)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
type dummyNetConn struct {
|
type dummyNetConn struct {
|
||||||
|
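Review bot: The new assertions in TestMetaCert check that exactly one extension is present and that its OID is Basic Constraints, but they never look at the decoded value, so the CA:FALSE property of this self-signed cert is not asserted directly. Assuming `cert` is the parsed `*x509.Certificate` (it is obtained above the hunk), I would add `if !cert.BasicConstraintsValid || cert.IsCA { t.Errorf("BasicConstraintsValid=%v IsCA=%v; want true, false", cert.BasicConstraintsValid, cert.IsCA) }`. The `n != 1` count also ties the test to the exact set of extensions `x509.CreateCertificate` emits, so a short comment saying that this strictness is intended would help the next reader.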