From c382ff65ab8bef3292b5074c498d0037c4004066 Mon Sep 17 00:00:00 2001 From: Yuchen Wu Date: Tue, 11 Feb 2025 15:29:13 -0800 Subject: [PATCH] Change leaf certs to v3 for rustls Rustls only supports v4 --- .bleep | 2 +- pingora-proxy/tests/utils/conf/keys/README.md | 4 ++ .../tests/utils/conf/keys/intermediate.srl | 2 +- pingora-proxy/tests/utils/conf/keys/leaf.crt | 38 ++++++++------- pingora-proxy/tests/utils/conf/keys/leaf2.crt | 48 ++++++++++--------- pingora-proxy/tests/utils/conf/keys/v3.ext | 3 ++ 6 files changed, 54 insertions(+), 43 deletions(-) create mode 100644 pingora-proxy/tests/utils/conf/keys/v3.ext diff --git a/.bleep b/.bleep index 536d3b4f7..d770a7bd1 100644 --- a/.bleep +++ b/.bleep @@ -1 +1 @@ -c9b07a00d15151e87fc0ff0ba020a20e2d74de2b \ No newline at end of file +9594f40a77159eeab93897a8f67347971a83d26b \ No newline at end of file diff --git a/pingora-proxy/tests/utils/conf/keys/README.md b/pingora-proxy/tests/utils/conf/keys/README.md index 44944ab40..ece7e645f 100644 --- a/pingora-proxy/tests/utils/conf/keys/README.md +++ b/pingora-proxy/tests/utils/conf/keys/README.md @@ -15,6 +15,10 @@ openssl req -new -x509 -key test_key.pem -out test.crt -days 3650 -sha256 -subj openssl ecparam -genkey -name secp256r1 -noout -out test_key.pem openssl req -new -key test_key.pem -out test.csr openssl x509 -req -in test.csr -CA server.crt -CAkey key.pem -CAcreateserial -CAserial test.srl -out test.crt -days 3650 -sha256 + +# Generate leaf cert +openssl x509 -req -in leaf.csr -CA intermediate.crt -CAkey intermediate.key -out leaf.crt -days 3650 -sha256 -extfile v3.ext + ``` ``` diff --git a/pingora-proxy/tests/utils/conf/keys/intermediate.srl b/pingora-proxy/tests/utils/conf/keys/intermediate.srl index 8eb8f1d86..594fa70ee 100644 --- a/pingora-proxy/tests/utils/conf/keys/intermediate.srl +++ b/pingora-proxy/tests/utils/conf/keys/intermediate.srl @@ -1 +1 @@ -199D7F7B72FA2892E58A80EC205EE63A20543BE0 +199D7F7B72FA2892E58A80EC205EE63A20543BE2 diff --git a/pingora-proxy/tests/utils/conf/keys/leaf.crt b/pingora-proxy/tests/utils/conf/keys/leaf.crt index 8ebd98c39..82e499ef2 100644 --- a/pingora-proxy/tests/utils/conf/keys/leaf.crt +++ b/pingora-proxy/tests/utils/conf/keys/leaf.crt @@ -1,20 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDQDCCAigCFHZMqCIkM5hzXRLLjxKVrt84hpunMA0GCSqGSIb3DQEBCwUAME4x -CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEYMBYGA1UECgwPSW50ZXJtZWRpYXRl -IENBMRgwFgYDVQQDDA9pbnQucGluZ29yYS5vcmcwHhcNMjIxMTEwMTg1NzE0WhcN -MzIxMTA3MTg1NzE0WjBrMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNV -BAcMDVNhbiBGcmFuY2lzY28xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5 -IEx0ZDEUMBIGA1UEAwwLcGluZ29yYS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQCTvo3hkSRrrJfrfZ1LiujaffSuErWbkiHkqOqAMofsqmkt+S4K -BAbwcJN8g/HN7Jxr43lFo7kZeFQZ6utg6uywe4yBxppqAt4r/Th1tUBJ982Vcs9K -3sMyjWO9UgSyoQdRjjXKlUYI316SBPYgFiac1M2UocPycEavxIlYrpS7d1i1PCSj -ByMiBbalSxrwEv97FOlSW0f0COiLoV36SXuq8jNyrFzk4zZXCYz5WjgZSkm/iFJL -abbX5nTmrzLnfm7BSbpnRMdQtYUqYubR+rlBuiGZsDM9FRsT+H6uOQwgIKqGz6I+ -diBK3oIHeD4F5Lma6Evt66AGwrwDkNhSyQV1AgMBAAEwDQYJKoZIhvcNAQELBQAD -ggEBADn5HmEwQUn/Tbb+Lqh6Zp2K/RrOH7lEz4IE1N90mRPF2Aa8oOwE7dwWfsUr -dJqzkrARiiYMy1wL6P8xhBsStLJPf0RM9uIpfxIaq7fF5RhJPuc3rVfkDsnZeo+Q -zdXtBal8BlfGjLvZgZzIei6IlGZ/j8yHDcEVP8IpQoSLtrQpSWe4CwGoSXfx/JqA -SD2ZS46mEVQIaQ4QEZecVLEQQTeEYMX50HkD+ea9GsuSQF5cOfY/lrHuFa0tW0SX -zYWtq9XTwEc+nPPLL0UMQWFWlsMb7pS2vtQS93wm00G6rpFHVEyq1ePbmDxRsjV4 -cgEH6QwqLWOmGHx4xpw2ZESwnUY= +MIIDoTCCAomgAwIBAgIUGZ1/e3L6KJLlioDsIF7mOiBUO+EwDQYJKoZIhvcNAQEL +BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRgwFgYDVQQKDA9JbnRlcm1l +ZGlhdGUgQ0ExGDAWBgNVBAMMD2ludC5waW5nb3JhLm9yZzAeFw0yNTAyMTEyMzI2 +MzNaFw0zNTAyMDkyMzI2MzNaMGsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEW +MBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 +cyBQdHkgTHRkMRQwEgYDVQQDDAtwaW5nb3JhLm9yZzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAJO+jeGRJGusl+t9nUuK6Np99K4StZuSIeSo6oAyh+yq +aS35LgoEBvBwk3yD8c3snGvjeUWjuRl4VBnq62Dq7LB7jIHGmmoC3iv9OHW1QEn3 +zZVyz0rewzKNY71SBLKhB1GONcqVRgjfXpIE9iAWJpzUzZShw/JwRq/EiViulLt3 +WLU8JKMHIyIFtqVLGvAS/3sU6VJbR/QI6IuhXfpJe6ryM3KsXOTjNlcJjPlaOBlK +Sb+IUktpttfmdOavMud+bsFJumdEx1C1hSpi5tH6uUG6IZmwMz0VGxP4fq45DCAg +qobPoj52IEreggd4PgXkuZroS+3roAbCvAOQ2FLJBXUCAwEAAaNaMFgwHwYDVR0j +BBgwFoAU/mK9Mmv9LplWk4jj4nKQY8gPyzcwCQYDVR0TBAIwADALBgNVHQ8EBAMC +BPAwHQYDVR0OBBYEFOFYFdSTAaFmjBSGKFOhfWSdMpEHMA0GCSqGSIb3DQEBCwUA +A4IBAQCR+BLOThWTV5ZqYKRPSoZxVnmMbq/RrH6AF9fh4C42AnJyi1dOTLrmUSEK +WsjvW3q+HccKzA8sSOrRLZlJhhZMn9cTFB0YT3BGoQE2F+ClzD2b/iN7plLoyB1q +h+XRlJJuH7lhYt1oy80SU8JgbD7WEWrZuATTbZpC/O7a4/vBX41MUTUAUuy25ZWV +YztoFwQEclxHSzS3dV9fPuUCjVnvL2t5YQCKYwSKfP0G7TFfXUNvm1P9zeB1+7JU +wE1n6REL/ccLQgUuO2W39WyLDuWZaF2A44sJ6s2xdSUnCJ6SIXOFTe10XcmtBOsq +lgNo17y/whYdqdkWf4yiXxAqAua8 -----END CERTIFICATE----- diff --git a/pingora-proxy/tests/utils/conf/keys/leaf2.crt b/pingora-proxy/tests/utils/conf/keys/leaf2.crt index 0e58371cf..2b748f82f 100644 --- a/pingora-proxy/tests/utils/conf/keys/leaf2.crt +++ b/pingora-proxy/tests/utils/conf/keys/leaf2.crt @@ -1,25 +1,27 @@ -----BEGIN CERTIFICATE----- -MIIEQDCCAygCFBmdf3ty+iiS5YqA7CBe5jogVDvhMA0GCSqGSIb3DQEBCwUAME4x -CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEYMBYGA1UECgwPSW50ZXJtZWRpYXRl -IENBMRgwFgYDVQQDDA9pbnQucGluZ29yYS5vcmcwHhcNMjIxMjIyMjIxNzIyWhcN -MzIxMjE5MjIxNzIyWjBrMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNV -BAcMDVNhbiBGcmFuY2lzY28xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5 -IEx0ZDEUMBIGA1UEAwwLcGluZ29yYS5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQD1HQzvibMFxG/OdudzEpiFHl5JkHj/ZzhR8a47dmWcIjEaYd1z -/hMZ8Zdpc/Ho3IKzwSQ5+5UyKcFjNmERYIje6pdH6NG8407Syv3Cxr1oR7t8kWoW -lIsbC1A9Ikhh7pHZntoYrUUjGslgHH8KQFtNPYmOJxwx1EYha/7pdr3/mc2MvidW -IRcxokkww39G3YP5UxV1IWM7OJZ8nWASRthwerfhCRrAX+OilVB+Ei8p08+BJnvS -gyROC/vUU9RXggg63qgRKNraamUlW4fhBY9Qxr8vkuFFoXNxZllKxUlZW2YtQKmk -QQCs4u1cF42ugGBeVqGooFvmezYPRwOxwL3R71UDDdEd/PQEg7skvu/Tyn+s6st1 -zcyBO+CT4Ogo2qbT7BaD9K/umElSDEIkW4JED+WtMihAZSeoAO4vsrh3ZGK5i3zv -VLFTbbbgE0vxoqF78ryxrzQuPJEIA5j1TycWjxTNl6IDy3J3QUjNzuVHZB5NK+N2 -Xx/rPhxh96GpY31tOCVC2L/YgkdnQB0e5ICet+LMGDcaNbXTFJoEEvq1patLJ23P -tyXgigl19OgLLFW9U5eExQ99QbdQhMORh4M7IN+UAmIiokHi4ZaH76VKaqKPzZ7r -MEsAeYryTfN5SdF4XFTDojR7rYT3kwPl7au66rDNdS3nNUTSHja6RxWqzwIDAQAB -MA0GCSqGSIb3DQEBCwUAA4IBAQCpyWaCksa8DSofS3ttjh5fRjUkth7O6nEDDZC3 -jOSNmwK0rZIK7pPLl7ogPVGpgu+dyTGQ9Jb3w5Xm3N26u/fLbVk7t7BCYbDMr14o -bJrSswz04GN/+e+JEVVTd6vU7weQGLbXrSMSsovzRJDhJe7qeV+u3RsxOLFyQntr -OqWB1x4bU/OghDOUSlRENwUCFursFHO3QWeD/ECPPSe1Q9J5Tkk/wd3TGTyyRUkW -hIgXrfIrZjEApa+nQma7+gUUQ6gwJxB1wEeQOOkSNizrOj0kdSKBCpSEeJCcbJpl -29FigdShOhBUqIZH0Y487VpaxfqBB4Kq4vlIQhfas/f6h6hS +MIIEoTCCA4mgAwIBAgIUGZ1/e3L6KJLlioDsIF7mOiBUO+IwDQYJKoZIhvcNAQEL +BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRgwFgYDVQQKDA9JbnRlcm1l +ZGlhdGUgQ0ExGDAWBgNVBAMMD2ludC5waW5nb3JhLm9yZzAeFw0yNTAyMTEyMzI3 +MjNaFw0zNTAyMDkyMzI3MjNaMGsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEW +MBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 +cyBQdHkgTHRkMRQwEgYDVQQDDAtwaW5nb3JhLm9yZzCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAPUdDO+JswXEb85253MSmIUeXkmQeP9nOFHxrjt2ZZwi +MRph3XP+Exnxl2lz8ejcgrPBJDn7lTIpwWM2YRFgiN7ql0fo0bzjTtLK/cLGvWhH +u3yRahaUixsLUD0iSGHukdme2hitRSMayWAcfwpAW009iY4nHDHURiFr/ul2vf+Z +zYy+J1YhFzGiSTDDf0bdg/lTFXUhYzs4lnydYBJG2HB6t+EJGsBf46KVUH4SLynT +z4Eme9KDJE4L+9RT1FeCCDreqBEo2tpqZSVbh+EFj1DGvy+S4UWhc3FmWUrFSVlb +Zi1AqaRBAKzi7VwXja6AYF5WoaigW+Z7Ng9HA7HAvdHvVQMN0R389ASDuyS+79PK +f6zqy3XNzIE74JPg6CjaptPsFoP0r+6YSVIMQiRbgkQP5a0yKEBlJ6gA7i+yuHdk +YrmLfO9UsVNttuATS/GioXvyvLGvNC48kQgDmPVPJxaPFM2XogPLcndBSM3O5Udk +Hk0r43ZfH+s+HGH3oaljfW04JULYv9iCR2dAHR7kgJ634swYNxo1tdMUmgQS+rWl +q0snbc+3JeCKCXX06AssVb1Tl4TFD31Bt1CEw5GHgzsg35QCYiKiQeLhlofvpUpq +oo/NnuswSwB5ivJN83lJ0XhcVMOiNHuthPeTA+Xtq7rqsM11Lec1RNIeNrpHFarP +AgMBAAGjWjBYMB8GA1UdIwQYMBaAFP5ivTJr/S6ZVpOI4+JykGPID8s3MAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgTwMB0GA1UdDgQWBBT8/Kt/KzvBPCYPzbLedSVx0/o3 +WDANBgkqhkiG9w0BAQsFAAOCAQEAVQ6VWr6I9rybd4B5/CTHDc86jTgctBTtatnJ +Vz66s2C//FP9OerZsUFeIQMjPGmmJDzdhgS5pibxBWoTmO+Lmk0g5CIjSWDUzXqe +ra+MdJ9wyjrDuF6hXoeoX2QcPqYvNgV+QyHIJX6wXGecQSCLmYE7VttHRWmj5th9 +G9Ggsy0pNaBpgXcBTLaZuhHFRe6CPGddhpZrhRizRYF1Hp31alk0+iCgyy4F83iq +ix8CKVgpi+bQdtcpDsQqfoIXDkukyimOrRV3PTAuoC7OU/FFLAV4TqZ0UaptbTap +FGZ57k511yfGxexSSlJSNdKDIvA7LSHGbyfH/5DbLRiI5fF+DQ== -----END CERTIFICATE----- diff --git a/pingora-proxy/tests/utils/conf/keys/v3.ext b/pingora-proxy/tests/utils/conf/keys/v3.ext new file mode 100644 index 000000000..db7bc362a --- /dev/null +++ b/pingora-proxy/tests/utils/conf/keys/v3.ext @@ -0,0 +1,3 @@ +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment \ No newline at end of file