authorKazuki Yamaguchi <k@rhe.jp>2016-05-08 16:19:34 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-05-08 16:21:55 +0900
commit63eb73dd4041f75aa6085d499646c415d507af37 (patch)
tree3a3289acada83cd948558350800497d43d0bfc90
parent023d9d1d1018c03896914f67c9d87846c3ce081b (diff)
rack: tls_listener: fix certificate extensionstopic/rack-fix-tls-listener
Since the (dummy generated) certificate is not a CA, basicConstraints=cA:TRUE is not good. Also subjectKeyIdentifier is missing.
-rw-r--r--lib/plum/rack/listener.rb6
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/plum/rack/listener.rb b/lib/plum/rack/listener.rb
index ac60310..b335fb3 100644
--- a/lib/plum/rack/listener.rb
+++ b/lib/plum/rack/listener.rb
@@ -125,11 +125,9 @@ module Plum
cert.serial = rand((1 << 20) - 1)
cert.version = 2
- ef = OpenSSL::X509::ExtensionFactory.new
- ef.subject_certificate = cert
- ef.issuer_certificate = cert
+ ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
cert.extensions = [
- ef.create_extension("basicConstraints", "CA:TRUE", true),
+ ef.create_extension("subjectKeyIdentifier", "hash")
]
cert.sign(key, OpenSSL::Digest::SHA256.new)
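Review bot: With `basicConstraints` removed rather than set to false, the `cert.extensions` list leaves the certificate's end-entity status implicit; adding `ef.create_extension("basicConstraints", "CA:FALSE", true),` states it explicitly for verifiers and readers. The list also carries no `subjectAltName`, which current TLS clients use for hostname matching instead of the subject CN, so if the subject set outside this hunk is meant to name a host, an entry like `ef.create_extension("subjectAltName", "DNS:<hostname placeholder>")` is worth adding. Separately, the unchanged `cert.serial = rand((1 << 20) - 1)` draws from a non-cryptographic generator over about 20 bits and can return 0, so regenerated dummy certificates may repeat a serial under the same issuer name, which some clients reject; `cert.serial = OpenSSL::BN.rand(64)` avoids both. The enclosing method starts and ends outside the hunk.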