This repository has been archived by the owner on Jan 1, 2021. It is now read-only.

Merge pull request #1029 from posita/bugfix/make-subject-different-fr…
…om-issuer

READY FOR REVIEW - work around OpenSSL issue which mistakes a cert as self-signed if CA org == cert org
tianon committed Aug 10, 2015
2 parents 2797009 + 6c84f36 commit eaaaeae
Showing 2 changed files with 8 additions and 5 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -139,7 +139,7 @@ RUN for dep in $TCZ_DEPS; do \
done

# get generate_cert
RUN curl -L -o $ROOTFS/usr/local/bin/generate_cert https://github.com/SvenDowideit/generate_cert/releases/download/0.1/generate_cert-0.1-linux-386/ && \
RUN curl -L -o $ROOTFS/usr/local/bin/generate_cert https://github.com/SvenDowideit/generate_cert/releases/download/0.2/generate_cert-0.2-linux-amd64 && \
chmod +x $ROOTFS/usr/local/bin/generate_cert

# Build VBox guest additions
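Review bot: The new `curl -L -o $ROOTFS/usr/local/bin/generate_cert …` line installs a downloaded executable with no integrity check, and the init script in this same commit uses that binary to generate the CA, server and client keys. Without `-f`, curl also exits 0 on an HTTP error page, so the `chmod +x` would still run on whatever was saved. Consider `curl -fsSL -o …` followed by `echo "<EXPECTED_SHA256>  $ROOTFS/usr/local/bin/generate_cert" | sha256sum -c - && \` before the `chmod`, assuming `sha256sum` is available in the build image; the digest is a placeholder because the page gives no hash. The asset name also changes from `linux-386` to `linux-amd64`, which the commit message does not mention.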
11 changes: 7 additions & 4 deletions rootfs/rootfs/usr/local/etc/init.d/docker
Expand Up @@ -20,6 +20,9 @@ test -f '/var/lib/boot2docker/profile' && . '/var/lib/boot2docker/profile'
: ${SERVERKEY:="${CERTDIR}serverkey.pem"}
: ${CERT:="${CERTDIR}cert.pem"}
: ${KEY:="${CERTDIR}key.pem"}
: ${ORG:=Boot2Docker}
: ${SERVERORG:="${ORG}"}
: ${CAORG:="${ORG}CA"} # Append 'CA'; see <http://rt.openssl.org/Ticket/History.html?use r=guest&pass=guest&id=3979>

# Add /usr/local/sbin to the path.
export PATH=${PATH}:/usr/local/sbin
Expand All @@ -41,21 +44,21 @@ start() {
chmod 700 "$CERTDIR"
if [ ! -f "$CACERT" ] || [ ! -f "$CAKEY" ]; then
echo "Generating CA cert"
/usr/local/bin/generate_cert --cert="$CACERT" --key="$CAKEY"
/usr/local/bin/generate_cert --cert="$CACERT" --key="$CAKEY" --org="$CAORG"
rm "$SERVERCERT" "$SERVERKEY" "$CERT" "$KEY" "$CERTDIR/hostnames"
fi

CERTSEXISTFOR=$(cat "$CERTDIR/hostnames" 2>/dev/null)
if [ "$CERTHOSTNAMES" != "$CERTSEXISTFOR" ]; then
echo "Generate server cert"
echo /usr/local/bin/generate_cert --host="$CERTHOSTNAMES" --ca="$CACERT" --ca-key="$CAKEY" --cert="$SERVERCERT" --key="$SERVERKEY"
/usr/local/bin/generate_cert --host="$CERTHOSTNAMES" --ca="$CACERT" --ca-key="$CAKEY" --cert="$SERVERCERT" --key="$SERVERKEY"
echo /usr/local/bin/generate_cert --host="$CERTHOSTNAMES" --ca="$CACERT" --ca-key="$CAKEY" --cert="$SERVERCERT" --key="$SERVERKEY" --org="$SERVERORG"
/usr/local/bin/generate_cert --host="$CERTHOSTNAMES" --ca="$CACERT" --ca-key="$CAKEY" --cert="$SERVERCERT" --key="$SERVERKEY" --org="$SERVERORG"
echo "$CERTHOSTNAMES" > "$CERTDIR/hostnames"
fi

if [ ! -f "$CERT" ] || [ ! -f "$KEY" ]; then
echo "Generating client cert"
/usr/local/bin/generate_cert --ca="$CACERT" --ca-key="$CAKEY" --cert="$CERT" --key="$KEY"
/usr/local/bin/generate_cert --ca="$CACERT" --ca-key="$CAKEY" --cert="$CERT" --key="$KEY" --org="$ORG"
fi

if [ "$DOCKER_TLS" == "auto" ]; then
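Review bot: Nothing enforces that `CAORG` differs from `SERVERORG` and `ORG`, so a `/var/lib/boot2docker/profile` that sets them to the same value silently reintroduces the self-signed misdetection this commit works around. A guard before the certificate generation in `start()` would make that fail loudly, e.g. `[ "$CAORG" != "$SERVERORG" ] && [ "$CAORG" != "$ORG" ] || { echo "CAORG must differ from SERVERORG and ORG" >&2; exit 1; }`. The CA is also only generated when `$CACERT` or `$CAKEY` is missing, so hosts that already hold a CA presumably keep its old subject until those files are removed; a short comment next to the `CAORG` default saying so would help. `start()` begins and ends outside the hunk.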