Fill in the 'Country' for generated certificates (#1592)
* Fill in the 'Country' for generated certificates

Some users have reported errors from certain tools when the country is not a valid 2-letter string

* added Country to CA cert as well

* install latest kubic podman

---------

Co-authored-by: Roman Dodin <dodin.roman@gmail.com>
jbemmel and hellt committed Sep 15, 2023
1 parent d93e6a7 commit 2c36cc8
Showing 4 changed files with 9 additions and 8 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/cicd.yml
Expand Up @@ -163,7 +163,7 @@ jobs:
echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/ /' | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list
curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
sudo apt update
sudo apt install -y podman=4:4.6.2-0ubuntu22.04+obs81.2
sudo apt install -y podman
sudo systemctl start podman
- uses: actions/setup-python@v4
with:
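Review bot: Dropping the version pin on the `sudo apt install -y podman` line means this job now installs whatever build the kubic `unstable` repository serves on the day it runs, so a CI failure can come from a podman update rather than from the code under test. If tracking latest is intended, add a `podman --version` step after the install so each run records which build it tested; otherwise keep a pin and bump it deliberately.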
Expand Down Expand Up @@ -331,7 +331,7 @@ jobs:
echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/ /' | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list
curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
sudo apt update
sudo apt install -y podman=4:4.6.2-0ubuntu22.04+obs81.2
sudo apt install -y podman
sudo systemctl start podman
- uses: actions/setup-python@v4
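Review bot: This is the same install block as the one at line 163, and the same one-line edit had to be made in both jobs; moving the podman setup into one shared step or composite action would let the version policy change in a single place. Separately, the context lines show the apt source declared over `http://` while the key is fetched over `https://`, and the key is written to `/etc/apt/trusted.gpg.d`, which makes it trusted for every configured repository; an `https://` source with a `signed-by` keyring scoped to this repository would be tighter.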
1 change: 1 addition & 0 deletions cmd/deploy.go
Expand Up @@ -352,6 +352,7 @@ func certificateAuthoritySetup(c *clab.CLab) error {
// define the attributes used to generate the CA Cert
caCertInput := &cert.CACSRInput{
CommonName: c.Config.Name + " lab CA",
Country: "US",
Expiry: validityDuration,
Organization: "containerlab",
KeySize: keySize,
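Review bot: The new `Country: "US"` field in `caCertInput` is a hard-coded literal with no comment saying why it is there. A short comment noting that some tools reject a subject whose country is not a two-letter code would keep it from being removed later, and since every lab CA will now claim US, consider a named constant or a topology-level setting instead of the inline string.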
2 changes: 1 addition & 1 deletion nodes/default_node.go
Expand Up @@ -395,11 +395,11 @@ func (d *DefaultNode) LoadOrGenerateCertificate(certInfra *cert.Cert, topoName s
}
hosts = append(hosts, nodeConfig.SANs...)

// collect cert details
certInput := &cert.NodeCSRInput{
CommonName: nodeConfig.ShortName + "." + topoName + ".io",
Hosts: hosts,
Organization: "containerlab",
Country: "US",
KeySize: d.Cfg.Certificate.KeySize,
Expiry: d.Cfg.Certificate.ValidityDuration,
}
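Review bot: `Country: "US"` in `certInput` repeats the literal added to the CA input in cmd/deploy.go, so the two can drift apart if one is changed. Define the default once in the `cert` package and reference it from both places; if `d.Cfg.Certificate` later gains a country setting, this is the line that should read it, alongside `KeySize` and `ValidityDuration`.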
10 changes: 5 additions & 5 deletions tests/01-smoke/10-ca-parameter.robot
Expand Up @@ -42,8 +42,8 @@ Review Root Certificate
... openssl x509 -in ${ca-cert-file} -text
Log ${output}
Should Be Equal As Integers ${rc} 0
Should Contain ${output} Issuer: C = , L = , O = containerlab, OU = , CN = ${lab-name} lab CA
Should Contain ${output} Subject: C = , L = , O = containerlab, OU = , CN = ${lab-name} lab CA
Should Contain ${output} Issuer: C = US, L = , O = containerlab, OU = , CN = ${lab-name} lab CA
Should Contain ${output} Subject: C = US, L = , O = containerlab, OU = , CN = ${lab-name} lab CA
Should Contain ${output} Public-Key: (${ca-keysize} bit)

Node l1 cert and key files should exist
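Review bot: The updated Issuer and Subject expectations still contain empty `L = ` and `OU = ` attributes, so the CA certificate keeps emitting empty values for locality and organizational unit. If the tool errors behind this change come from empty attribute values, these two need the same attention as the country, either filled or omitted from the name; worth confirming with the reporters before merging.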
Expand All @@ -64,7 +64,7 @@ Review Node l1 Certificate
Log ${output}
Should Be Equal As Integers ${rc} 0
Should Contain ${output} CN = l1.${lab-name}.io
Should Contain ${output} Issuer: C = , L = , O = containerlab, OU = , CN = ${lab-name} lab CA
Should Contain ${output} Issuer: C = US, L = , O = containerlab, OU = , CN = ${lab-name} lab CA
Should Contain ${output} Public-Key: (${l1-keysize} bit)

Review Node l2 Certificate
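Review bot: The l1 test only has its Issuer line updated, so nothing asserts the country on the node certificate's own subject, which is what the `Country` field added in nodes/default_node.go sets; `CN = l1.${lab-name}.io` would pass with or without it. Add a `Should Contain` for the node Subject that includes `C = US`.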
Expand All @@ -73,7 +73,7 @@ Review Node l2 Certificate
Log ${output}
Should Be Equal As Integers ${rc} 0
Should Contain ${output} CN = l2.${lab-name}.io
Should Contain ${output} Issuer: C = , L = , O = containerlab, OU = , CN = ${lab-name} lab CA
Should Contain ${output} Issuer: C = US, L = , O = containerlab, OU = , CN = ${lab-name} lab CA
Should Contain ${output} Public-Key: (${l2-keysize} bit)

Verfiy node cert l1 with CA Cert
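Review bot: The l2 block is a line-for-line copy of the l1 block, and the expected `C = US, L = , O = containerlab, ...` name now appears four times in this file, each edited by hand in this commit. A shared keyword taking the node name and key size, with the expected name held in one variable, would reduce the next change to a single edit.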
Expand Down Expand Up @@ -109,7 +109,7 @@ Get Certificate Date
... ${certificate_output}
... Not ${type}\\W*: (\\w{3}\\W+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\d{4} \\w{3})
... 1
[Return] ${date}[0]
RETURN ${date}[0]

Check Certificat Validity Duration
[Arguments] ${certificate_output} ${expected_duration}
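Review bot: Replacing `[Return]` with `RETURN` in `Get Certificate Date` is unrelated to the country change and is not mentioned in the commit message; it belongs in its own commit or at least a line in the message. The `RETURN` statement needs Robot Framework 5.0 or newer, so check that the version used by CI and documented for contributors meets that.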