github/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-04-27 11:01:18 +00:00
Code Issues Projects Releases Wiki Activity

Add Subject Alternative Name to local openssl cert

Browse Source 
Go 1.15 deprecates checking CN; this broke gating tests:

   Get "https://localhost:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

Easy two-line solution in the 'openssl' invocation. Huge
thanks to Nalin for tracking down and fixing while I was
still getting started:

   https://github.com/containers/buildah/pull/2595

Copied from 0f2892a5b021de3b1cf273f5679fda8298b57c02 in buildah

Signed-off-by: Ed Santiago <santiago@redhat.com>
This commit is contained in:
Ed Santiago 2020-10-01 06:32:55 -06:00
parent 6dabefa9db
commit f9773889a1
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
systemtest/helpers.bash
View File

@ -331,7 +331,8 @@ start_registry() {
log_and_run openssl req -newkey rsa:4096 -nodes -sha256 \
-keyout $AUTHDIR/domain.key -x509 -days 2 \
-out $CERT \
-subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost"
-subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
-addext subjectAltName=DNS:localhost
fi
reg_args+=(