Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v12] Fix self-signed cert validity on macOS systems #33158

Merged
merged 1 commit into from
Oct 9, 2023
Merged

[v12] Fix self-signed cert validity on macOS systems #33158

merged 1 commit into from
Oct 9, 2023

Conversation

zmb3
Copy link
Collaborator

@zmb3 zmb3 commented Oct 9, 2023

Backport #32698 to branch/v12

@zmb3
Fix self-signed cert validity on macOS systems
051631c 
As per https://support.apple.com/en-in/HT210176:

> TLS server certificates must contain an ExtendedKeyUsage (EKU)
  extension containing the id-kp-serverAuth OID.

We were not specifying this EKU.

Validated by checking with the old self-signed certs:

    $ security verify-cert -c webproxy_cert.pem -p ssl -r webproxy_cert.pem
    Cert Verify Result: Invalid Extended Key Usage for policy

And then repeating the process after this change:

    $ security verify-cert -c webproxy_cert.pem -p ssl -r webproxy_cert.pem
    ...certificate verification successful.

Closes #32531
@zmb3 zmb3 added this pull request to the merge queue Oct 9, 2023
Merged via the queue into branch/v12 with commit b481898 Oct 9, 2023
18 checks passed
@zmb3 zmb3 deleted the bot/backport-32698-branch/v12 branch October 9, 2023 18:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tigrato tigrato tigrato approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

Assignees
No one assigned
Labels
backport size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@zmb3 @tigrato @rosstimothy