Let's encrypt! #281
Merged
Let's encrypt! #281
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Ok, this works for the remote and local names at this point. A couple things need to happen once this is merged,
|
| @@ -45,13 +45,10 @@ pub struct FoxBox { | |||
| profile_service: Arc<ProfileService>, | |||
| } | |||
|
|
|||
| const DEFAULT_HOSTNAME: &'static str = "::"; // ipv6 default. | |||
| const DEFAULT_DOMAIN: &'static str = ".local"; | |||
|
|
|||
| impl FoxBox { | |||
|
|
|||
There was a problem hiding this comment.
uber-nit: let's take the chance and remove this extra line.
| } | ||
| } | ||
| } else { | ||
| info!("Unable to send request to {}", self.registration_endpoint); |
|
As usual, this is an excellent work, Sam :) I tested the patch locally and it works. In general, the code looks good to me. I only added a bunch of comments about minor stuff. It would be great if you could improve the documentation. The process is a bit complex and it's hard to get it just by reading the code. Thanks for working on this! I'm CCing @fabricedesre and @michielbdejong in case that they also want to take a look. |
- Include the scheme in the message posted to the registration server - Generates LetsEncrypt certificate for the local domain on the fly - Use a DnsRecord to decribe the entry to the DNS server - Each box has a preset name that a self-signed certificate is created for. This is then used as the identifier for that box, and is used in the creation of names that can be added to a SAN cert - Register the remote tunnel name using the certificate fingerprint - Fix the command line arguments to include the dns-api endpoint option - Don't parameterise the CertificateManager by type implementation, instead use a Box (fat pointer) to an SslContextProvider - Refactor registrar
|
Rebased and squashed! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Needs some tests + cleanup before landing - this is a first pass.
If you try this, the box needs to be restarted and then you'll have the cert loaded, it can be done on the fly, it just doesn't work right now.