Add support for dynamic set of sub CAs
parent
b16ca196f1
commit
6e3e84c70d
2 changed files with 9 additions and 5 deletions
|
@ -122,8 +122,8 @@ func (registry *SigningRequestRegistry) sign(request *SigningRequestAttributes)
|
||||||
time.Sleep(5 * time.Second)
|
time.Sleep(5 * time.Second)
|
||||||
|
|
||||||
opensslCommand := exec.Command(
|
opensslCommand := exec.Command(
|
||||||
"openssl", "ca", "-config", "ca.cnf",
|
"openssl", "ca", "-config", "ca.cnf", "-name", "email_ca",
|
||||||
"-policy", "policy_match", "-extensions", "client_ext",
|
"-policy", "policy_match", "-extensions", "email_ext",
|
||||||
"-batch", "-subj", subjectDN, "-utf8", "-rand_serial", "-in", csrFile.Name())
|
"-batch", "-subj", subjectDN, "-utf8", "-rand_serial", "-in", csrFile.Name())
|
||||||
var out, cmdErr bytes.Buffer
|
var out, cmdErr bytes.Buffer
|
||||||
opensslCommand.Stdout = &out
|
opensslCommand.Stdout = &out
|
||||||
|
|
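Review bot: The `-name` and `-extensions` arguments in the `exec.Command` call are bare string literals that must match section names in `ca.cnf`, and nothing at the call site says so. A renamed or missing section would only show up as an openssl failure at signing time. I would add a comment above the call such as `// email_ca and email_ext must name sections defined in ca.cnf; keep both in sync with that file.` The issuing CA also stays fixed here despite the commit title, so if the section name is later chosen per request it should come from a fixed allow-list, not from request data. The body of `sign` starts and ends outside this hunk.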
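--- a/main.go
+++ b/main.go
@@ -11,6 +11,7 @@ import (
 "net/http"
 "os"
 "os/signal"
+"path/filepath"
 "strings"
 "syscall"
 "time"
@@ -47,7 +48,6 @@ func main() {
 CipherSuites: []uint16{
 tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 },
 NextProtos: []string{"h2"},
 PreferServerCipherSuites: true,
@@ -124,8 +124,12 @@ func generateRandomBytes(count int) []byte {
 
 func loadCACertificates() (caCertificates []*x509.Certificate) {
 var err error
-caCertificates = make([]*x509.Certificate, 2)
-for index, certFile := range []string{"example_ca/sub/ca.crt.pem", "example_ca/root/ca.crt.pem"} {
+caFiles, err := filepath.Glob("example_ca/*/ca.crt.pem")
+if err != nil {
+log.Panic(err)
+}
+caCertificates = make([]*x509.Certificate, len(caFiles))
+for index, certFile := range caFiles {
 var certBytes []byte
 if certBytes, err = ioutil.ReadFile(certFile); err != nil {
 log.Panic(err)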
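Review bot: In `loadCACertificates`, `filepath.Glob` returns an empty result with a nil error when nothing matches, so a missing or misplaced `example_ca` directory now yields a zero-length CA list instead of the panic the old fixed paths caused in `ReadFile`. I would fail fast right after the error check with `if len(caFiles) == 0 { log.Panic("no CA certificates found under example_ca/*/") }`. The removed code listed the sub CA before the root explicitly, while the glob result follows path order, so any caller that relies on index positions should be checked. Every directory under `example_ca/` that holds a `ca.crt.pem` is now loaded as a CA certificate, so write access to that tree decides the CA set and deserves a comment. The function body continues past the end of this hunk.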