Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: generate_cert.go is out of date in weekly #2635

Closed
patrickmn opened this issue Dec 29, 2011 · 7 comments
Closed

crypto/tls: generate_cert.go is out of date in weekly #2635

patrickmn opened this issue Dec 29, 2011 · 7 comments
Milestone

Comments

@patrickmn
Copy link

@patrickmn patrickmn commented Dec 29, 2011

Which revision are you using? weekly.2011-12-22

After the recent changes to the time package, crypto/tls/generate_cert.go no longer
compiles, and fixing it is not completely trivial:

diff -r 4a8268927758 src/pkg/crypto/tls/generate_cert.go
--- a/src/pkg/crypto/tls/generate_cert.go   Fri Dec 23 14:28:01 2011 +1100
+++ b/src/pkg/crypto/tls/generate_cert.go   Thu Dec 29 21:34:53 2011 +0100
@@ -31,7 +31,7 @@
        return
    }
 
-   now := time.Seconds()
+   now := time.Now()
 
    template := x509.Certificate{
        SerialNumber: new(big.Int).SetInt64(0),
@@ -39,8 +39,8 @@
            CommonName:   *hostName,
            Organization: []string{"Acme Co"},
        },
-       NotBefore: time.SecondsToUTC(now - 300),
-       NotAfter:  time.SecondsToUTC(now + 60*60*24*365), // valid for 1 year.
+       NotBefore: now.Add(-5 * time.Minute).UTC(),
+       NotAfter:  now.Add(time.Hour * 24 * 365).UTC(), // valid for 1 year.
 
        SubjectKeyId: []byte{1, 2, 3, 4},
        KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,

-----


# ./orig.out
2011/12/29 21:31:43 written cert.pem
2011/12/29 21:31:43 written key.pem

# openssl x509 -text -in cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Acme Co, CN=127.0.0.1
        Validity
            Not Before: Dec 29 20:26:43 2011 GMT
            Not After : Dec 28 20:31:43 2012 GMT
        Subject: O=Acme Co, CN=127.0.0.1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:93:be:a8:c0:6c:4b:b0:ea:94:e2:66:18:49:75:
                    94:f9:28:a9:1f:33:c6:8c:69:0a:90:b6:08:76:d4:
                    4a:44:44:8a:9b:e5:46:6c:74:9f:29:9d:b7:67:2b:
                    4d:8f:a3:dd:b0:02:68:a1:91:a6:c3:5d:a1:7f:1d:
                    3e:d0:25:66:b5:bc:80:3d:9a:9a:d3:65:d3:e3:ba:
                    63:d6:0e:1e:30:88:05:5d:81:c9:2d:52:06:76:c4:
                    56:b0:14:8f:8e:66:8f:23:65:21:fe:cb:f7:ea:ba:
                    48:4b:7d:0e:0e:32:83:7b:4d:46:c9:d5:e9:4b:d5:
                    92:06:38:3a:dc:ae:77:2c:0b
                Exponent: 3 (0x3)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Key Identifier: 
                01:02:03:04
            X509v3 Authority Key Identifier: 
                keyid:01:02:03:04

    Signature Algorithm: sha1WithRSAEncryption
        0c:9e:c5:36:92:c1:76:87:03:00:e7:3e:ad:be:89:f6:b5:8d:
        7d:c0:72:5e:57:b9:5a:1b:8b:61:3e:b1:32:5f:d6:8f:6a:7a:
        c4:a0:6c:1d:d7:69:5d:09:c5:d9:1a:1f:8d:63:22:20:23:b1:
        ee:01:73:58:d2:30:1b:73:77:06:97:44:a7:99:a7:39:d2:e3:
        32:75:60:22:9c:c0:55:6f:94:bc:2d:16:5e:44:bd:7a:ff:54:
        00:47:87:5b:55:d3:7e:08:e7:cb:5b:24:51:74:09:31:4e:1f:
        5e:94:8c:4f:63:b9:15:2a:f8:fd:01:1a:02:45:68:49:b7:2e:
        c0:17
-----BEGIN CERTIFICATE-----
MIIB7DCCAVegAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD
bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTExMTIyOTIwMjY0M1oXDTEyMTIyODIw
MzE0M1owJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGb
MAsGCSqGSIb3DQEBAQOBiwAwgYcCgYEAk76owGxLsOqU4mYYSXWU+SipHzPGjGkK
kLYIdtRKRESKm+VGbHSfKZ23ZytNj6PdsAJooZGmw12hfx0+0CVmtbyAPZqa02XT
47pj1g4eMIgFXYHJLVIGdsRWsBSPjmaPI2Uh/sv36rpIS30ODjKDe01GydXpS9WS
Bjg63K53LAsCAQOjMjAwMA4GA1UdDwEB/wQEAwIAoDANBgNVHQ4EBgQEAQIDBDAP
BgNVHSMECDAGgAQBAgMEMAsGCSqGSIb3DQEBBQOBgQAMnsU2ksF2hwMA5z6tvon2
tY19wHJeV7laG4thPrEyX9aPanrEoGwd12ldCcXZGh+NYyIgI7HuAXNY0jAbc3cG
l0Snmac50uMydWAinMBVb5S8LRZeRL16/1QAR4dbVdN+COfLWyRRdAkxTh9elIxP
Y7kVKvj9ARoCRWhJty7AFw==
-----END CERTIFICATE-----


# ./new.out
2011/12/29 21:31:44 written cert.pem
2011/12/29 21:31:44 written key.pem

# openssl x509 -text -in new-cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Acme Co, CN=127.0.0.1
        Validity
            Not Before: Dec 29 20:26:44 2011 GMT
            Not After : Dec 28 20:31:44 2012 GMT
        Subject: O=Acme Co, CN=127.0.0.1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:96:16:8c:bf:61:c5:3d:d8:8f:f4:97:ca:63:7c:
                    24:dc:16:18:38:93:e7:60:7c:00:d2:41:bc:4c:20:
                    1b:fb:59:3e:17:5f:64:cb:ab:80:f5:bb:f7:9d:2f:
                    05:ed:17:38:bd:9c:89:cf:df:16:81:e0:8c:74:dd:
                    df:51:13:7c:df:40:46:b4:4f:1d:05:eb:a2:72:4b:
                    d3:37:ae:3c:29:84:2c:f8:11:83:a0:99:3e:68:4e:
                    90:65:80:f9:c7:a7:9e:c3:f0:a6:cf:cb:73:2f:5d:
                    fe:90:ce:db:b0:ad:14:6a:4d:6f:5b:92:9b:76:13:
                    3c:4f:f0:32:b3:ab:cc:c4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Key Identifier: 
                01:02:03:04
            X509v3 Authority Key Identifier: 
                keyid:01:02:03:04

    Signature Algorithm: sha1WithRSAEncryption
        93:51:9f:be:45:59:f9:ff:90:12:3e:64:dd:5c:69:56:22:18:
        8e:d0:0d:df:fe:65:2e:34:5b:67:10:2a:90:ac:55:61:af:a0:
        78:fe:a5:f9:e9:fa:18:d2:70:63:5b:5f:3c:6d:00:1f:aa:58:
        1b:8e:a0:a6:61:66:53:ef:19:e6:a5:ad:5a:74:02:00:2a:12:
        00:b5:56:da:b6:5a:79:8a:67:4a:53:74:0d:73:3a:16:f6:99:
        68:9e:e1:4e:a7:83:b4:f1:ff:31:b0:b1:8c:ce:51:3c:3d:34:
        38:1a:5d:c5:7f:ca:87:b7:88:24:97:8a:c1:c6:07:e1:c1:e9:
        11:7a
-----BEGIN CERTIFICATE-----
MIIB7jCCAVmgAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD
bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTExMTIyOTIwMjY0NFoXDTEyMTIyODIw
MzE0NFowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGd
MAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEAlhaMv2HFPdiP9JfKY3wk3BYYOJPnYHwA
0kG8TCAb+1k+F19ky6uA9bv3nS8F7Rc4vZyJz98WgeCMdN3fURN830BGtE8dBeui
ckvTN648KYQs+BGDoJk+aE6QZYD5x6eew/Cmz8tzL13+kM7bsK0Uak1vW5KbdhM8
T/Ays6vMxPsCAwEAAaMyMDAwDgYDVR0PAQH/BAQDAgCgMA0GA1UdDgQGBAQBAgME
MA8GA1UdIwQIMAaABAECAwQwCwYJKoZIhvcNAQEFA4GBAJNRn75FWfn/kBI+ZN1c
aVYiGI7QDd/+ZS40W2cQKpCsVWGvoHj+pfnp+hjScGNbXzxtAB+qWBuOoKZhZlPv
GealrVp0AgAqEgC1Vtq2WnmKZ0pTdA1zOhb2mWie4U6ng7Tx/zGwsYzOUTw9NDga
XcV/yoe3iCSXisHGB+HB6RF6
-----END CERTIFICATE-----
@adg

This comment has been minimized.

Copy link
Contributor

@adg adg commented Jan 4, 2012

Comment 1:

Labels changed: added priority-go1, removed priority-triage.

Owner changed to @agl.

Status changed to Accepted.

@agl

This comment has been minimized.

Copy link
Contributor

@agl agl commented Jan 4, 2012

Comment 2:

http://golang.org/cl/5512043

Status changed to Started.

@bradfitz

This comment has been minimized.

Copy link
Contributor

@bradfitz bradfitz commented Jan 4, 2012

Comment 3:

More than just fixing this, this should be compiled as part of the build.
(probably moving it to its own gencert directory under crypto/tls?)
@agl

This comment has been minimized.

Copy link
Contributor

@agl agl commented Jan 4, 2012

Comment 4:

This issue was closed by revision d5e6b8d.

Status changed to Fixed.

@agl

This comment has been minimized.

Copy link
Contributor

@agl agl commented Jan 4, 2012

Comment 5:

brad: it's just example code. I don't think it's suitable to be built as a standalone
program, at least not without a fair bit of a work. And I suspect that everyone uses
OpenSSL to generate certs in any case.
@bradfitz

This comment has been minimized.

Copy link
Contributor

@bradfitz bradfitz commented Jan 4, 2012

Comment 6:

I guess.  But this has broken a half dozen times now.  It'd be nice to make sure it
compiles, just like we make sure our examples & our docs now compile.
@patrickmn

This comment has been minimized.

Copy link
Author

@patrickmn patrickmn commented Jan 10, 2012

Comment 7:

I think it's a nice example. It shows people who are using ListenAndServeTLS for the
first time how to use flag, crypto/tls and time, and how to do a little file
manipulation.
If this is removed, or if it won't be supported, may I suggest that the documentation
for net/http.ListenAndServeTLS is changed from:
"One can use generate_cert.go in crypto/tls to generate cert.pem and key.pem."
to something like: 
"One can generate cert.pem and key.pem using OpenSSL:
# openssl genrsa -out key.pem 2048
# openssl req -new -key key.pem -out req.csr
# openssl x509 -req -days 3650 -in req.csr -signkey key.pem -out cert.pem
# rm -f req.csr
"
Nobody remembers these commands, and leaving it and generate_cert out of the docs create
an unnecessary obstacle. (The downside, of course, is that e.g. Windows users have no
easy/out-of-the-box way to set up a Go SSL server.)
@mikioh mikioh changed the title crypto/tls/generate_cert.go is out of date in weekly crypto/tls: generate_cert.go is out of date in weekly Jan 14, 2015
@rsc rsc added this to the Go1 milestone Apr 10, 2015
@rsc rsc removed the priority-go1 label Apr 10, 2015
@golang golang locked and limited conversation to collaborators Jun 24, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants
You can’t perform that action at this time.