Generating new TLS with SAN information (IP address for local networks)

Makefile

@@ -48,7 +48,8 @@ tls:              ## Generates TLS certificates for the server, under ~/.homecon
 	openssl genrsa -out ${HOME}/.homecontrol/server.key 4096
 	openssl req -new -x509 -sha256 -key ${HOME}/.homecontrol/server.key \
 		-out ${HOME}/.homecontrol/server.crt -days 3650 \
-		-subj "/C=US/ST=MA/L=Cambridge/O=Networld/CN=Homecontrol/emailAddress=foo@bar.com"
+		-subj "/C=US/ST=MA/L=Cambridge/O=Networld/CN=Homecontrol/emailAddress=foo@bar.com" \
+		-addext "subjectAltName=IP:0.0.0.0,IP:127.0.0.1,IP:192.168.1.2"
 
 clean:          ## Removes generated protobuffer code and binaries. Keeps ~/.homecontrol
 	rm -f */*.pb.go

client/main.go

@@ -1,8 +1,11 @@
 package main
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"flag"
 	"fmt"
+	"io/ioutil"
 	"os"
 	"time"
 
@@ -20,7 +23,7 @@ var (
 	address    = flag.String("host", "127.0.0.1:50051", "The gRPC service endpoint that will be contacted.")
 	cmd        = flag.String("cmd", "groups", "The command that will be executed.")
 	group      = flag.Int("group", 2, "The light group ID.")
-	tls        = flag.Bool("tls", false, "Activate TLS communication channel encryption.")
+	tlsFlag    = flag.Bool("tls", false, "Activate TLS communication channel encryption.")
 	brightness = flag.Float64("brightness", 0.66, "Light brightness in percentage. Value between 0 and 1.")
 	saturation = flag.Float64("sat", 0, "Light saturation in percentage. Value between 0 and 1.")
 	hueValue   = flag.Float64("hue", 0, " Value between 0 and 65535 with Red=5535 and Green=25500 and Blue=46920")
@@ -71,18 +74,18 @@ func blink(client hue.LightsClient, group int) {
 
 func getCallOptions() []grpc.CallOption {
 	opts := []grpc.CallOption{
-		grpc.FailFast(true),
-		grpc.MaxCallSendMsgSize(1024),
-		grpc.MaxCallRecvMsgSize(5120),
+		// grpc.FailFast(true),
+		// grpc.MaxCallSendMsgSize(1024),
+		// grpc.MaxCallRecvMsgSize(5120),
 	}
 	return opts
 }
 
 func getDialOptions() []grpc.DialOption {
 	opts := []grpc.DialOption{
-		grpc.WithTimeout(10 * time.Second),
-		grpc.WithBlock(),
-		grpc.WithBackoffMaxDelay(1 * time.Second),
+		// grpc.WithTimeout(10 * time.Second),
+		// grpc.WithBlock(),
+		// grpc.WithBackoffMaxDelay(1 * time.Second),
 	}
 	return opts
 }
@@ -92,8 +95,20 @@ func main() {
 
 	start := time.Now()
 	opts := getDialOptions()
-	if *tls {
-		cred, err := credentials.NewClientTLSFromFile(os.Getenv("HOME")+"/.homecontrol/server.crt", "Homecontrol")
+	if *tlsFlag {
+		certPool := x509.NewCertPool()
+		bs, err := ioutil.ReadFile(os.Getenv("HOME") + "/.homecontrol/server.crt")
+		if err != nil {
+			log.Fatalf("failed to read ca cert: %s", err)
+		}
+
+		ok := certPool.AppendCertsFromPEM(bs)
+		if !ok {
+			log.Fatal("failed to append certs")
+		}
+		cred := credentials.NewTLS(&tls.Config{
+			RootCAs: certPool,
+		})
 		info := cred.Info()
 		log.WithField("tls", true).
 			WithField("tls_version", info.SecurityVersion).

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/sirupsen/logrus v1.0.5
 	github.com/stretchr/testify v1.6.1 // indirect
 	google.golang.org/grpc v1.31.1
-	google.golang.org/protobuf v1.25.0
+	google.golang.org/protobuf v1.25.0 // indirect
 	gopkg.in/airbrake/gobrake.v2 v2.0.9 // indirect
 	gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2 // indirect
 )

go.sum

@@ -33,6 +33,7 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/heatxsink/go-hue v0.0.0-20170108211435-077c5fe84349 h1:XMlISHes9eDJr9K5hTAIG92d1j4RBlFh3b+AetKz2MU=
 github.com/heatxsink/go-hue v0.0.0-20170108211435-077c5fe84349/go.mod h1:MeBXPrQdPQwocP+nWBaDcrs5CZnk4e1xyvVyS0bgSkc=
@@ -97,15 +98,11 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24 h1:wDju+RU97qa0FZT0QnZDg9Uc2dH0Ql513kFvHocz+WM=
-google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0 h1:2dTRdpdFEEhJYQD8EMLB61nnrzSCTbG38PhqdhvOltg=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.31.1 h1:SfXqXS5hkufcdZ/mHtYCh53P2b+92WQq/DZcKLgsFRs=
 google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=