Auto regenerate TLS cert #3011

Merged
merged 3 commits into from Jun 14, 2019

5 participants
@orbitalturtle
Contributor

commented Apr 25, 2019

Auto-regenerates TLS files once expired.

Fixes #2758

@cfromknecht cfromknecht added this to the 0.7 milestone May 8, 2019

@redstorm1

commented May 14, 2019

I'm suffering from this issue. The auto-generated cert has expired and connections now fail. Cannot even unlock the wallet.

Organization: lnd autogenerated cert
Valid From: March 18, 2018
Valid To: May 13, 2019

[lncli] rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate has expired or is not yet valid"

@cfromknecht
Collaborator

left a comment

@orbitalturtle thanks for fixing this! completed an initial pass, changes look pretty good to me. mostly minor nits

@cfromknecht

Collaborator

commented May 14, 2019

@redstorm1 in the meantime you can try deleting the tls.cert and tls.key and restarting lnd

@cfromknecht

Collaborator

commented May 22, 2019

@orbitalturtle any progress on this front? should we keep this slated for 0.7?

@orbitalturtle

Contributor Author

commented May 22, 2019

Hey @cfromknecht - sure that all sounds good, I'll push up my revisions tomorrow. :)

@cfromknecht

Collaborator

commented May 23, 2019

@orbitalturtle excellent, thanks!

@orbitalturtle orbitalturtle force-pushed the orbitalturtle:auto-regenerate-cert branch from 522a567 to a4677d9 May 25, 2019

@orbitalturtle

Contributor Author

commented May 25, 2019

@cfromknecht Ok finally revised that! Lmk if I can be of any more assistance. Less busy now, so will be more responsive.

@cfromknecht
Collaborator

left a comment

thanks @orbitalturtle! couple small comments, otherwise looking pretty good


@orbitalturtle orbitalturtle force-pushed the orbitalturtle:auto-regenerate-cert branch from a4677d9 to 128c0ec May 31, 2019

@cfromknecht

Collaborator

commented Jun 1, 2019

@orbitalturtle this probably needs a rebase, since the main lnd_test.go file has been recently moved to lntest/itest/lnd_test.go

@cfromknecht

Collaborator

commented Jun 5, 2019

@orbitalturtle be sure to run make lint, the current build is failing with lntest/node.go:1::warning: file is not gofmted with -s (gofmt)

also recommend not using the github "merge w/ master" button, typically better to rebase over master and force push :)

@orbitalturtle orbitalturtle force-pushed the orbitalturtle:auto-regenerate-cert branch from 82f15bc to 5c23971 Jun 8, 2019

@orbitalturtle

Contributor Author

commented Jun 8, 2019

@cfromknecht Ahhhh my bad, fixed that

@halseth
Collaborator

left a comment

thanks for the PR! This is definitely useful, and the change looks good to me.

However, I don't think this warrants another integration test (they have quite an overhead). Could you instead make the getTLSConfig method more testable and add a unit test? :)

return nil, nil, "", err
}

// If the certificate expired, delete it and the TLS key and generate a new pair

@halseth

halseth Jun 11, 2019

Collaborator

nit: missing period end of sentence.

@orbitalturtle

Contributor Author

commented Jun 11, 2019

@halseth Sure thing, I can take a stab at that tonight. Just a bit confused about how to approach that if you can elaborate a bit! Like which file do you see the unit test being in?

@halseth

Collaborator

commented Jun 12, 2019

@orbitalturtle You can put the test in server_test.go. Just a simple test to make sure the getTLSConfig method creates the files as expected (you can perhaps make it take the file path directly instead of the full config to simplify).

@cfromknecht

Collaborator

commented Jun 12, 2019

@halseth should we consider doing that as a follow up given that the PR is complete as is?

@cfromknecht

Collaborator

commented Jun 13, 2019

@orbitalturtle if you can rebase on latest master and leave the itest, we can get this merged in time for the release candidate. If not we may need to push off to 0.8

@orbitalturtle orbitalturtle force-pushed the orbitalturtle:auto-regenerate-cert branch from 5c23971 to 37d0059 Jun 14, 2019

@orbitalturtle

Contributor Author

commented Jun 14, 2019

@cfromknecht Sure thing, just rebased as is

Almost done with the new test in server_test.go I think, but I suppose that would require more review. So if this is merged as is, I’ll just add another PR updating the tests?

@cfromknecht

Collaborator

commented Jun 14, 2019

@orbitalturtle awesome thanks! yeah since it doesn't affect the operational behavior, i'm fine with moving it to a unit test in a separate PR

@cfromknecht
Collaborator

left a comment

LGTM ⛵️

@Roasbeef Roasbeef merged commit 18ec2bd into lightningnetwork:master Jun 14, 2019

1 of 2 checks passed

coverage/coveralls Coverage decreased (-0.02%) to 60.884%
continuous-integration/travis-ci/pr The Travis CI build passed