POC SSL Certificate

[chadlagore]

⌛ Status: WIP

🎟️ Ticket(s): #59

---

🔦 Testing Instructions

./gen-cert.sh  # lots of input - ideally pipe this script over ssh and fill in with defaults
sudo go run main.go  # port 443 requires sudo, bruno will be pissed

Elsewhere...

$ curl -sL https://localhost:443

Produces server-side error:

2018/01/18 21:00:43 http: TLS handshake error from [::1]:53606: remote error: tls: unknown certificate authority

@jordanschalm and I discuss:

... because we control both the client and the server, and we have to ssh pipe, we can just provide any identity that both sides can agree on. We don’t actually care about identities here, all we want is the encryption, so we can kind of fudge the identity part.

Discuss?

[coveralls]

Coverage decreased (-0.2%) to 21.486% when pulling c9f5e99 on chad/59-ssl-poc into 9b5c4ff on master.

[bfbachmann]

Nice! The only problem I can see with the certificates not coming from a trusted authority is that you're still vulnerable to a man-in-the-middle you can't verify identity. I may well be wrong about that though - I'm not exactly a security expert. However, given our use case I don't think it's a big deal.

[jordanschalm]

@bfbachmann I don't think that's a concern. Since the bootstrapping connection occurs over a secure channel we can inform the client of what cert the server has generated, so the client knows what it should trust.

The cert does come from a trusted authority (our code, running on the server), but the library doesn't know that without some extra work on our part. That's the hard part.

[jordanschalm]

Love it.

[jordanschalm]

Can we remove the dependency on openssl?

[chadlagore]

May be of use https://godoc.org/github.com/spacemonkeygo/openssl

[jordanschalm]

Hahaha damn this is simple 😆

[bobheadxi]

Does this mean the inertia [REMOTE] commands have to be sudo now, or only once?

[chadlagore]

No @bobheadxi, this will be handled over SSH prior to and during booting of the daemon container 😄