Auto regenerate TLS cert #3011

Merged
merged 3 commits into from Jun 14, 2019
Contributor

@orbitalturtle orbitalturtle commented Apr 25, 2019

Auto-regenerates TLS files once expired.

Fixes #2758

@cfromknecht cfromknecht added this to the 0.7 milestone May 8, 2019

@redstorm1 redstorm1 commented May 14, 2019

I'm suffering from this issue. the auto generated cert has expired and connections now fail. cannot even unlock the wallet.

Organization: lnd autogenerated cert
Valid From: March 18, 2018
Valid To: May 13, 2019

[lncli] rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate has expired or is not yet valid"

Collaborator

@cfromknecht cfromknecht left a comment

@orbitalturtle thanks for fixing this! completed an initial pass, changes look pretty good to me. mostly minor nits

Collaborator

@cfromknecht cfromknecht commented May 14, 2019

@redstorm1 in the meantime you can try deleting the tls.cert and tls.key and restarting lnd

Collaborator

@cfromknecht cfromknecht commented May 22, 2019

@orbitalturtle any progress on this front? should we keep this slated for 0.7?

Contributor Author

@orbitalturtle orbitalturtle commented May 22, 2019

Hey @cfromknecht - sure that all sounds good, I'll push up my revisions tomorrow. :)

Collaborator

@cfromknecht cfromknecht commented May 23, 2019

@orbitalturtle excellent, thanks!

Contributor Author

@orbitalturtle orbitalturtle commented May 25, 2019

@cfromknecht Ok finally revised that! Lmk if I can be of any more assistance. Less busy now, so will be more responsive.

Collaborator

@cfromknecht cfromknecht left a comment

thanks @orbitalturtle! couple small comments, otherwise looking pretty good

Collaborator

@cfromknecht cfromknecht commented Jun 1, 2019

@orbitalturtle this probably needs a rebase, since the main lnd_test.go file has been recently moved to lntest/itest/lnd_test.go

Collaborator

@cfromknecht cfromknecht commented Jun 5, 2019

@orbitalturtle be sure to run make lint, the current build is failing with lntest/node.go:1::warning: file is not gofmted with -s (gofmt)

also recommend not using the github "merge w/ master" button, typically better to rebase over master and force push :)

Contributor Author

@orbitalturtle orbitalturtle commented Jun 8, 2019

@cfromknecht Ahhhh my bad, fixed that

Collaborator

@halseth halseth left a comment

thanks for the PR! This is definitely useful, and the change looks good to me.

However, I don't think this warrants another integration test (they have quite an overhead). Could you instead make the getTLSConfig method more testable and add a unit test? :)


return nil, nil, "", err
}

// If the certificate expired, delete it and the TLS key and generate a new pair
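
Review bot: the regeneration announced by the comment on the last line replaces the certificate that clients hold a copy of, and the visible lines do not show the operator being told. Consider logging at that point that tls.cert and tls.key were expired and have been replaced, so a client that still fails the handshake with the old tls.cert can be traced to this step.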
Collaborator

@halseth halseth Jun 11, 2019

nit: missing period end of sentence.

Contributor Author

@orbitalturtle orbitalturtle commented Jun 11, 2019

@halseth Sure thing, I can take a stab at that tonight. Just a bit confused about how to approach that if you can elaborate a bit! Like which file do you see the unit test being in?

Collaborator

@halseth halseth commented Jun 12, 2019

@orbitalturtle You can put the test in server_test.go. Just a simple test to make sure the getTLSConfig method creates the files as expected (you can perhaps make it take the file path directly instead of the full config to simplify).

Collaborator

@cfromknecht cfromknecht commented Jun 12, 2019

@halseth should we consider doing that as a follow up given that the PR is complete as is?

Collaborator

@cfromknecht cfromknecht commented Jun 13, 2019

@orbitalturtle if you can rebase on latest master and leave the itest, we can get this merged in time for the release candidate. If not we may need to push off to 0.8

Contributor Author

@orbitalturtle orbitalturtle commented Jun 14, 2019

@cfromknecht Sure thing, just rebased as is

Almost done with the new test in server_test.go I think, but I suppose that would require more review. So if this is merged as is, I’ll just add another PR updating the tests?

Collaborator

@cfromknecht cfromknecht commented Jun 14, 2019

@orbitalturtle awesome thanks! yeah since it doesn't affect the operational behavior, i'm fine with moving it to a unit test in a separate PR

Collaborator

@cfromknecht cfromknecht left a comment

LGTM ⛵️


@Roasbeef Roasbeef merged commit 18ec2bd into lightningnetwork:master Jun 14, 2019
1 of 2 checks passed