Commit dd85958
committed
fix: do not use cert '-subj' with hostname to generate cert, use subjectAltName
Cause: The code was using openssl -subj /CN=$(hostname) to generate the
cert used for the server. The argument to '-subj' has a maximum length
of 64 characters, but the hostname is longer than that.
Consequence: The role would issue an error attempting to generate the
certificate if the hostname was too long.
Fix: Do not use '-subj' with the hostname. Certificate verification uses subjectAltName
and the role was already using this in the generated cert. However, we have
to have something in `-subj` otherwise openssl will prompt for input, so we
just use `/O=Red Hat` as is used with the token signer.
Result: The role can generate certificates which are secure without an
error when the hostnames are too long for `-subj`.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>1 parent 188996a commit dd85958
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
38 | 38 | | |
39 | 39 | | |
40 | 40 | | |
41 | | - | |
| 41 | + | |
42 | 42 | | |
43 | 43 | | |
44 | 44 | | |
| |||
0 commit comments