crypto/tls: generate_cert.go is out of date in weekly #2635

Closed
patrickmn opened this issue Dec 29, 2011 · 7 comments

@patrickmn

Which revision are you using? weekly.2011-12-22

After the recent changes to the time package, crypto/tls/generate_cert.go no longer
compiles, and fixing it is not completely trivial:

diff -r 4a8268927758 src/pkg/crypto/tls/generate_cert.go
--- a/src/pkg/crypto/tls/generate_cert.go   Fri Dec 23 14:28:01 2011 +1100
+++ b/src/pkg/crypto/tls/generate_cert.go   Thu Dec 29 21:34:53 2011 +0100
@@ -31,7 +31,7 @@
        return
    }
 
-   now := time.Seconds()
+   now := time.Now()
 
    template := x509.Certificate{
        SerialNumber: new(big.Int).SetInt64(0),
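Review bot: at `now := time.Now()`, the value could be normalised once with `time.Now().UTC()`, so that expressions derived from `now` do not each need their own conversion. `now` also changes type here, from an integer count of seconds to a `time.Time`, so any other use of it in this file outside the diff needs the same update.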
@@ -39,8 +39,8 @@
            CommonName:   *hostName,
            Organization: []string{"Acme Co"},
        },
-       NotBefore: time.SecondsToUTC(now - 300),
-       NotAfter:  time.SecondsToUTC(now + 60*60*24*365), // valid for 1 year.
+       NotBefore: now.Add(-5 * time.Minute).UTC(),
+       NotAfter:  now.Add(time.Hour * 24 * 365).UTC(), // valid for 1 year.
 
        SubjectKeyId: []byte{1, 2, 3, 4},
        KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
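Review bot: on the `NotAfter` line, `now.Add(time.Hour * 24 * 365)` is a fixed 365 days, which is not always the calendar year that the `// valid for 1 year.` comment promises; either reword the comment to say 365 days or use `now.AddDate(1, 0, 0)`. The operand order also differs from the `NotBefore` line (`-5 * time.Minute`), so `365 * 24 * time.Hour` would read more consistently.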

-----


# ./orig.out
2011/12/29 21:31:43 written cert.pem
2011/12/29 21:31:43 written key.pem

# openssl x509 -text -in cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Acme Co, CN=127.0.0.1
        Validity
            Not Before: Dec 29 20:26:43 2011 GMT
            Not After : Dec 28 20:31:43 2012 GMT
        Subject: O=Acme Co, CN=127.0.0.1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                Exponent: 3 (0x3)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Key Identifier: 
                01:02:03:04
            X509v3 Authority Key Identifier: 
                keyid:01:02:03:04

    Signature Algorithm: sha1WithRSAEncryption


# ./new.out
2011/12/29 21:31:44 written cert.pem
2011/12/29 21:31:44 written key.pem

# openssl x509 -text -in new-cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Acme Co, CN=127.0.0.1
        Validity
            Not Before: Dec 29 20:26:44 2011 GMT
            Not After : Dec 28 20:31:44 2012 GMT
        Subject: O=Acme Co, CN=127.0.0.1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Key Identifier: 
                01:02:03:04
            X509v3 Authority Key Identifier: 
                keyid:01:02:03:04

    Signature Algorithm: sha1WithRSAEncryption
@adg
Contributor

adg commented Jan 4, 2012

Comment 1:

Labels changed: added priority-go1, removed priority-triage.

Owner changed to @agl.

Status changed to Accepted.

@agl
Contributor

agl commented Jan 4, 2012

Comment 2:

http://golang.org/cl/5512043

Status changed to Started.

@bradfitz
Contributor

bradfitz commented Jan 4, 2012

Comment 3:

More than just fixing this, this should be compiled as part of the build.
(probably moving it to its own gencert directory under crypto/tls?)

@agl
Contributor

agl commented Jan 4, 2012

Comment 4:

This issue was closed by revision d5e6b8d.

Status changed to Fixed.

@agl
Contributor

agl commented Jan 4, 2012

Comment 5:

brad: it's just example code. I don't think it's suitable to be built as a standalone
program, at least not without a fair bit of work. And I suspect that everyone uses
OpenSSL to generate certs in any case.

@bradfitz
Contributor

bradfitz commented Jan 4, 2012

Comment 6:

I guess.  But this has broken a half dozen times now.  It'd be nice to make sure it
compiles, just like we make sure our examples & our docs now compile.

@patrickmn
Author

Comment 7:

I think it's a nice example. It shows people who are using ListenAndServeTLS for the
first time how to use flag, crypto/tls and time, and how to do a little file
manipulation.
If this is removed, or if it won't be supported, may I suggest that the documentation
for net/http.ListenAndServeTLS is changed from:
"One can use generate_cert.go in crypto/tls to generate cert.pem and key.pem."
to something like: 
"One can generate cert.pem and key.pem using OpenSSL:
# openssl genrsa -out key.pem 2048
# openssl req -new -key key.pem -out req.csr
# openssl x509 -req -days 3650 -in req.csr -signkey key.pem -out cert.pem
# rm -f req.csr
"
Nobody remembers these commands, and leaving it and generate_cert out of the docs creates
an unnecessary obstacle. (The downside, of course, is that e.g. Windows users have no
easy/out-of-the-box way to set up a Go SSL server.)

@mikioh mikioh changed the title crypto/tls/generate_cert.go is out of date in weekly crypto/tls: generate_cert.go is out of date in weekly Jan 14, 2015
@rsc rsc added this to the Go1 milestone Apr 10, 2015
@rsc rsc removed the priority-go1 label Apr 10, 2015
@golang golang locked and limited conversation to collaborators Jun 24, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
This issue was closed.