Add support for dynamic set of sub CAs
parent
b16ca196f1
commit
6e3e84c70d
2 changed files with 9 additions and 5 deletions
|
@ -122,8 +122,8 @@ func (registry *SigningRequestRegistry) sign(request *SigningRequestAttributes)
|
|||
time.Sleep(5 * time.Second)
|
||||
|
||||
opensslCommand := exec.Command(
|
||||
"openssl", "ca", "-config", "ca.cnf",
|
||||
"-policy", "policy_match", "-extensions", "client_ext",
|
||||
"openssl", "ca", "-config", "ca.cnf", "-name", "email_ca",
|
||||
"-policy", "policy_match", "-extensions", "email_ext",
|
||||
"-batch", "-subj", subjectDN, "-utf8", "-rand_serial", "-in", csrFile.Name())
|
||||
var out, cmdErr bytes.Buffer
|
||||
opensslCommand.Stdout = &out
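Review bot: The CA section and extension profile are passed as the literals `"-name", "email_ca"` and `"-extensions", "email_ext"`, so sign always issues from one section of ca.cnf even though the commit is titled as support for a dynamic set of sub CAs. If that pinning is intended, a comment above the call such as `// issuance is pinned to the email_ca section and email_ext profile of ca.cnf` would record it. Should the section ever be chosen per request, take it from a fixed allow-list of section names rather than from request data. `subjectDN` is built outside this hunk; since openssl splits the `-subj` value on `/`, it is worth confirming that requester-supplied components are escaped or rejected before this call. The body of sign starts and ends outside the hunk.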
|
||||
|
|
10
main.go
10
main.go
|
@ -11,6 +11,7 @@ import (
|
|||
"net/http"
|
||||
"os"
|
||||
"os/signal"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
|
@ -47,7 +48,6 @@ func main() {
|
|||
CipherSuites: []uint16{
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
},
|
||||
NextProtos: []string{"h2"},
|
||||
PreferServerCipherSuites: true,
|
||||
|
@ -124,8 +124,12 @@ func generateRandomBytes(count int) []byte {
|
|||
|
||||
func loadCACertificates() (caCertificates []*x509.Certificate) {
|
||||
var err error
|
||||
caCertificates = make([]*x509.Certificate, 2)
|
||||
for index, certFile := range []string{"example_ca/sub/ca.crt.pem", "example_ca/root/ca.crt.pem"} {
|
||||
caFiles, err := filepath.Glob("example_ca/*/ca.crt.pem")
|
||||
if err != nil {
|
||||
log.Panic(err)
|
||||
}
|
||||
caCertificates = make([]*x509.Certificate, len(caFiles))
|
||||
for index, certFile := range caFiles {
|
||||
var certBytes []byte
|
||||
if certBytes, err = ioutil.ReadFile(certFile); err != nil {
|
||||
log.Panic(err)
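Review bot: In loadCACertificates, `filepath.Glob` returns an empty result with a nil error when nothing matches, so a missing or misplaced example_ca directory now yields zero CA certificates without any panic; the `err != nil` branch can only fire for a malformed pattern. Add `if len(caFiles) == 0 { log.Panic("no CA certificates matched example_ca/*/ca.crt.pem") }` after the Glob call. The pattern is relative to the working directory and accepts every subdirectory holding a ca.crt.pem, so the set of loaded CAs now depends on who can write under example_ca, and the order changes from sub, root to whatever order Glob returns; callers that rely on a position in the slice should be checked. The function body continues past the end of the hunk.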
|
||||
|
|