This repository has been archived by the owner on Mar 21, 2024. It is now read-only.

generate certificate script fails on windows with mingw bash #143

Open
BarDweller opened this issue Feb 22, 2019 · 0 comments

@BarDweller
Member

A few issues that seem to come down to limitations of the bash implementation.

Subject var slashes.

The SUBJECT declaration contains /'s and is passed as an argument so mingw thinks it's a unix path, and tries to be helpful and convert it back to a windows path. To tell it not to, we have to prepend it with // and swap the other /'s for \'s.

```bash
# avoid mingw deciding the subject string is a path to translate!
# On MINGW the leading // stops the path conversion and the remaining
# separators are written as backslashes; elsewhere the normal /-separated
# OpenSSL subject is used.
unameOut="$(uname -s)"
case "${unameOut}" in
  MINGW*)     SUBJECT="//CN=gameontext.org\OU=GameOn Development CA\O=The Ficticious GameOn CA Company\L=Earth\ST=Happy\C=CA";;
  *)          SUBJECT="/CN=gameontext.org/OU=GameOn Development CA/O=The Ficticious GameOn CA Company/L=Earth/ST=Happy/C=CA";;
esac
```

OpenSSL IP.1/DNS.1 in ext

OpenSSL version I have (OpenSSL 1.0.2p Aug 2018) refuses to accept a DNS name as an argument to IP.1 in the v3.ext creation. We may need to add logic to detect if ${hostName} is an IP or a DNS name, and only set the appropriate entry.

I just commented out the IP.1 set in my script, as a quick way to solve it locally.

Config as filename rather than string.

For some reason my OpenSSL also wasn't happy about the config being passed via cat as a string, but it was fine with me passing the filename.

```bash
#Create Server Key, with CSR
# -config is given the file path rather than the config text itself
openssl req -new -sha256 -nodes \
  -out "${targetDir}/.gameontext.openssl/server.csr" -newkey rsa:4096 \
  -keyout "${targetDir}/.gameontext.onlykey.pem" -config "${targetDir}/.gameontext.openssl/rootCSR.cnf"
```

Subshells & fdopen

Use of subshells to generate stuff: I was seeing errors about fdopen not being able to read things.
I'm way less sure of these, because the errors could have just come from the fallout from the subject not being set. But I converted the way the CSR/EXT files were made from using cat & EOT into echo concats instead.

```bash
#Create CSR config
# Each echo argument is quoted so the shell does not treat [req] / [dn]
# as glob patterns (they would match a file named r, e, q, d or n in the
# working directory) and so paths containing spaces survive.
echo '[req]' >  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo 'default_bits = 4096' >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo 'prompt = no' >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo 'default_md = sha256' >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo 'distinguished_name = dn' >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "" >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo '[dn]' >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo 'C=CA' >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo 'ST=Happy' >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo 'L=Earth' >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo 'O=The Ficticious GameOn Company' >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo 'OU=GameOn Application' >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "CN = ${hostName}" >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "" >>  "${targetDir}/.gameontext.openssl/rootCSR.cnf"

#Create v3 extensions file (only DNS.1 is set; see the IP.1/DNS.1 note above)
echo 'authorityKeyIdentifier=keyid,issuer' > "${targetDir}/.gameontext.openssl/v3.ext"
echo 'basicConstraints=CA:FALSE' >> "${targetDir}/.gameontext.openssl/v3.ext"
echo 'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' >> "${targetDir}/.gameontext.openssl/v3.ext"
echo 'subjectAltName = @alt_names' >> "${targetDir}/.gameontext.openssl/v3.ext"
echo "" >> "${targetDir}/.gameontext.openssl/v3.ext"
echo '[alt_names]' >> "${targetDir}/.gameontext.openssl/v3.ext"
echo "DNS.1 = ${hostName}" >> "${targetDir}/.gameontext.openssl/v3.ext"
echo "" >> "${targetDir}/.gameontext.openssl/v3.ext"
```
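The following is an added example, not code from the issue author or from the gameontext project, showing the two pieces of logic the post asks for: choosing `IP.1` versus `DNS.1` in `[alt_names]` depending on whether `${hostName}` is an address or a name (OpenSSL rejects a DNS name under `IP.1`), and producing the `-subj` string in the MINGW-safe form described above. The helper names `is_ipv4`, `is_ipv6`, `san_entry`, `subject_for` and `write_v3_ext` are hypothetical; the IPv6 check is a character-set heuristic, not full address validation, and the sample hosts at the bottom are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original issue or project).
# Helper names below are hypothetical; subject layout follows the issue.

# Dotted-quad check: exactly four numeric octets, each 0-255.
is_ipv4() {
  local ip="$1" IFS='.' octet
  case "$ip" in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, or empty octets
  esac
  set -- $ip                            # split on '.' via local IFS
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Heuristic IPv6 check: contains ':' and only hex digits / colons.
# (Assumption: good enough to keep a DNS name out of IP.1; not an RFC parser.)
is_ipv6() {
  case "$1" in
    *:*) case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; esac; return 0 ;;
    *)   return 1 ;;
  esac
}

# Emit the single [alt_names] line appropriate for the host value.
san_entry() {
  if is_ipv4 "$1" || is_ipv6 "$1"; then
    printf 'IP.1 = %s\n' "$1"
  else
    printf 'DNS.1 = %s\n' "$1"
  fi
}

# Build the -subj string for a given `uname -s` result. On MINGW the
# leading '/' becomes '//' (disables path translation) and the remaining
# '/' separators become '\', exactly as in the issue's workaround.
subject_for() {
  local subj='/CN=gameontext.org/OU=GameOn Development CA/O=The Ficticious GameOn CA Company/L=Earth/ST=Happy/C=CA'
  case "$1" in
    MINGW*)
      local rest="${subj#/}"
      printf '//%s\n' "$(printf '%s' "$rest" | tr '/' '\\')" ;;
    *)
      printf '%s\n' "$subj" ;;
  esac
}

# Write v3.ext with the correct SAN entry. $1 = host, $2 = output path.
# Uses plain echo redirection (no heredoc, no subshell), quoted so that
# '[alt_names]' is never glob-expanded.
write_v3_ext() {
  {
    echo 'authorityKeyIdentifier=keyid,issuer'
    echo 'basicConstraints=CA:FALSE'
    echo 'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment'
    echo 'subjectAltName = @alt_names'
    echo ''
    echo '[alt_names]'
    san_entry "$1"
  } > "$2"
}

# Demo on constructed host values (not real deployment targets).
for h in 192.168.1.10 'fe80::1' gameon.local; do
  san_entry "$h"
done
subject_for "$(uname -s)"
```

Wiring this into the script means replacing the fixed `echo DNS.1 = ${hostName}` line with `san_entry "${hostName}"` and `SUBJECT="$(subject_for "$(uname -s)")"`; `openssl x509 -text -noout -in server.crt` afterwards should show exactly one `IP Address:` or `DNS:` entry under `X509v3 Subject Alternative Name`.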