author | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-08 16:19:34 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-08 16:21:55 +0900 |
commit | 63eb73dd4041f75aa6085d499646c415d507af37 (patch) | |
tree | 3a3289acada83cd948558350800497d43d0bfc90 | |
parent | 023d9d1d1018c03896914f67c9d87846c3ce081b (diff) | |
rack: tls_listener: fix certificate extensions
Since the (dummy generated) certificate is not a CA,
basicConstraints=cA:TRUE is not good. Also subjectKeyIdentifier is
missing.
-rw-r--r-- | lib/plum/rack/listener.rb | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/plum/rack/listener.rb b/lib/plum/rack/listener.rb
index ac60310..b335fb3 100644
--- a/lib/plum/rack/listener.rb
+++ b/lib/plum/rack/listener.rb
@@ -125,11 +125,9 @@ module Plum
 cert.serial = rand((1 << 20) - 1)
 cert.version = 2
- ef = OpenSSL::X509::ExtensionFactory.new
- ef.subject_certificate = cert
- ef.issuer_certificate = cert
+ ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
 cert.extensions = [
- ef.create_extension("basicConstraints", "CA:TRUE", true),
+ ef.create_extension("subjectKeyIdentifier", "hash")
 ]
 cert.sign(key, OpenSSL::Digest::SHA256.new)
|
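Review bot: Dropping `basicConstraints` altogether leaves the certificate's CA status implicit in the new `cert.extensions` list; stating it explicitly, e.g. `ef.create_extension("basicConstraints", "CA:FALSE", true),` ahead of the `subjectKeyIdentifier` entry, means no validator has to infer that this self-signed certificate is an end-entity one. No `subjectAltName` is visible in the list either, so if none is added outside the hunk, current TLS clients will fail hostname verification even after the dummy certificate is explicitly trusted. The unchanged context line `cert.serial = rand((1 << 20) - 1)` draws roughly 20 bits from the non-cryptographic PRNG, so regenerated certificates that share an issuer name may collide on serial; a wider value from a CSPRNG would avoid that. The enclosing method starts and ends outside the hunk, so the subject name and key handling could not be checked here.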