@zt2 zt2 commented Feb 13, 2020

Feature:

  • SSL reverse proxy can be accessed from mobile APP

Fix:

  • ERR_CERT_WEAK_KEY
  • Error: "Subject Alternative Name Missing" or NET::ERR_CERT_COMMON_NAME_INVALID

Owner

argos83 commented Feb 16, 2020

Hi @zt2, thanks for the PR. Unfortunately the test pipeline in CircleCI doesn't seem to be working (I'm not actively maintaining this project TBH). It seems there are some linting errors with your changes. Can you please run bundle install, bundle exec rspec and bundle exec rubocop, fix any problems and update the pull request? Thanks!

Author

zt2 commented Apr 5, 2020

Hi @argos83, sorry for the late reply. I can pass 'bundle exec rspec' in my environment (too many deprecation warnings).

~/P/ritm [develop] » bundler exec rspec                                                                                                                                                                       16:59:57
/Users/ztz/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/x86_64-darwin19/date_core.bundle: warning: already initialized constant Date::MONTHNAMES
/Users/ztz/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/x86_64-darwin19/date_core.bundle: warning: already initialized constant Date::ABBR_MONTHNAMES
/Users/ztz/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/x86_64-darwin19/date_core.bundle: warning: already initialized constant Date::DAYNAMES
/Users/ztz/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/x86_64-darwin19/date_core.bundle: warning: already initialized constant Date::ABBR_DAYNAMES
/Users/ztz/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/x86_64-darwin19/date_core.bundle: warning: already initialized constant Date::ITALY
/Users/ztz/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/x86_64-darwin19/date_core.bundle: warning: already initialized constant Date::ENGLAND
/Users/ztz/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/x86_64-darwin19/date_core.bundle: warning: already initialized constant Date::JULIAN
/Users/ztz/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/x86_64-darwin19/date_core.bundle: warning: already initialized constant Date::GREGORIAN
/Users/ztz/.rvm/gems/ruby-2.6.5/gems/certificate_authority-0.1.6/lib/certificate_authority/certificate.rb:94: warning: constant OpenSSL::Digest::Digest is deprecated
/Users/ztz/.rvm/gems/ruby-2.6.5/gems/certificate_authority-0.1.6/lib/certificate_authority/certificate.rb:96: warning: constant OpenSSL::Digest::Digest is deprecated
== Sinatra (v2.0.8.1) has taken the stage on 4567 for test with backup from Thin
== Sinatra (v2.0.8.1) has taken the stage on 4443 for test with backup from Thin
Thin web server (v1.7.2 codename Bachmanity)
Thin web server (v1.7.2 codename Bachmanity)
Maximum connections set to 1024
Maximum connections set to 1024
Listening on 127.0.0.1:4443, CTRL+C to stop
Listening on 127.0.0.1:4567, CTRL+C to stop
.../Users/ztz/.rvm/gems/ruby-2.6.5/gems/certificate_authority-0.1.6/lib/certificate_authority/certificate.rb:94: warning: constant OpenSSL::Digest::Digest is deprecated
./Users/ztz/.rvm/gems/ruby-2.6.5/gems/certificate_authority-0.1.6/lib/certificate_authority/certificate.rb:94: warning: constant OpenSSL::Digest::Digest is deprecated
/Users/ztz/.rvm/gems/ruby-2.6.5/gems/certificate_authority-0.1.6/lib/certificate_authority/certificate.rb:96: warning: constant OpenSSL::Digest::Digest is deprecated
.........*................*............/Users/ztz/.rvm/gems/ruby-2.6.5/gems/certificate_authority-0.1.6/lib/certificate_authority/certificate.rb:94: warning: constant OpenSSL::Digest::Digest is deprecated
/Users/ztz/.rvm/gems/ruby-2.6.5/gems/certificate_authority-0.1.6/lib/certificate_authority/certificate.rb:96: warning: constant OpenSSL::Digest::Digest is deprecated
/Users/ztz/.rvm/gems/ruby-2.6.5/gems/certificate_authority-0.1.6/lib/certificate_authority/certificate.rb:94: warning: constant OpenSSL::Digest::Digest is deprecated
/Users/ztz/.rvm/gems/ruby-2.6.5/gems/certificate_authority-0.1.6/lib/certificate_authority/certificate.rb:96: warning: constant OpenSSL::Digest::Digest is deprecated
....

Pending: (Failures listed here are expected and do not affect your suite's status)

  1) Ritm http when intercepting requests content-length should not update the content-length when disabled
     # Net:HTTP seems to always update content-length
     # ./spec/intercept_spec.rb:107

  2) Ritm https when intercepting requests content-length should not update the content-length when disabled
     # Net:HTTP seems to always update content-length
     # ./spec/intercept_spec.rb:107


Finished in 12.84 seconds (files took 0.52544 seconds to load)
47 examples, 0 failures, 2 pending

Coverage report generated for RSpec to /Users/ztz/Projects/ritm/coverage. 402 / 432 LOC (93.06%) covered.

My Ruby version is ruby 2.6.5p114 (2019-10-01 revision 67812) [x86_64-darwin19]

cert.not_before = cert.not_before - 3600 * 24 * 30 # Substract 30 days
cert.serial_number.number = serial_number || common_name.hash.abs
cert.key_material.generate_key(1024)
cert.key_material.generate_key(4096)
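
Review bot: the key size in `cert.key_material.generate_key(4096)` is a hard-coded literal in the code that builds each certificate (the same lines set `not_before` and derive the serial number from `common_name`), so every newly generated certificate now pays for a 4096-bit RSA key generation, which is considerably slower than a 2048-bit one. Suggest moving the size into a named constant or a configuration value so it can be tuned without editing this method, and note the chosen size in the README.
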
Author

Fix ERR_CERT_WEAK_KEY error from browser

Comment on lines +38 to +41
extensions['extensions']['subjectAltName'] = {
'dns_names' => [servername],
'uris' => [servername]
}
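
Review bot: the `'uris' => [servername]` entry puts a bare host name into a URI-type subjectAltName, and a value without a scheme is not a URI; host name verification is done against the DNS-type entries, so `'dns_names' => [servername]` on its own covers the "Subject Alternative Name Missing" fix. Suggest dropping the `uris` entry. Separately, if `servername` can ever be an IP literal (a client connecting by address rather than by name), a DNS-type entry will not match it and an IP-type SAN entry would be needed for that case.
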
Author

Fix "Subject Alternative Name Missing" in browser

Comment on lines +56 to +57
@https = Ritm::Proxy::SSLReverseProxy.new(@conf.ssl_reverse_proxy.bind_address,
@conf.ssl_reverse_proxy.bind_port,
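
Review bot: `bind_address` is now read from `@conf.ssl_reverse_proxy`, but these lines show neither its default value nor any documentation for the new setting. Suggest keeping the default on the loopback address, as the test run above listens on 127.0.0.1, and documenting that a non-loopback value makes the intercepting proxy reachable by every host on that network, so it should be set only for the duration of a test.
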
Author

Allow access from a device on the same network; this is useful when you need to intercept HTTPS between an iOS app and a remote server.
