zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-06 01:07:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

save returned certs/keys

Browse Source
This commit is contained in:
Matthew R. Kasun
2022-04-15 16:07:19 -04:00
parent 08e219cdcc
commit 4f19beda00
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
controllers/server.go
View File

@@ -196,6 +196,9 @@ func register(w http.ResponseWriter, r *http.Request) {
// return // return
// } // }
tls.SaveCert("/tmp/sent/", "root.pem", ca)
tls.SaveCert("/tmp/sent/", "client.pem", cert)
tls.SaveKey("/tmp/sent/", "client.key", *key)
response := config.RegisterResponse{ response := config.RegisterResponse{
Key: *key, Key: *key,
CA: *ca, CA: *ca,
@@ -240,7 +243,7 @@ func genCerts(csr *x509.CertificateRequest, publickey ed25519.PublicKey) (*x509.
func genOpenSSLCerts() (*ed25519.PrivateKey, *x509.Certificate, *x509.Certificate, error) { func genOpenSSLCerts() (*ed25519.PrivateKey, *x509.Certificate, *x509.Certificate, error) {
cmd1 := "openssl genpkey -algorithm Ed25519 -out /tmp/client.key" cmd1 := "openssl genpkey -algorithm Ed25519 -out /tmp/client.key"
cmd2 := "openssl req -new -out /tmp/client.csr -key tmp/client.key -subj '/CN=client'" cmd2 := "openssl req -new -out /tmp/client.csr -key /tmp/client.key -subj /CN=client"
cmd3 := "openssl x509 -req -in /tmp/client.csr -days 365 -CA /etc/netmaker/root.pem -CAkey /etc/netmaker/root.key -CAcreateserial -out /tmp/client.pem" cmd3 := "openssl x509 -req -in /tmp/client.csr -days 365 -CA /etc/netmaker/root.pem -CAkey /etc/netmaker/root.key -CAcreateserial -out /tmp/client.pem"
if _, err := ncutils.RunCmd(cmd1, true); err != nil { if _, err := ncutils.RunCmd(cmd1, true); err != nil {

2
netclient/functions/daemon.go
View File

@@ -308,7 +308,7 @@ func NewTLSConfig(cfg *config.ClientConfig, server string) *tls.Config {
logger.Log(0, "VerifyConnection - certifiate mismatch") logger.Log(0, "VerifyConnection - certifiate mismatch")
return errors.New("certificate doesn't match server") return errors.New("certificate doesn't match server")
} }
ca, err := ssl.ReadCert("/etc/netclient/" + cs.ServerName + "/server.pem") ca, err := ssl.ReadCert("/etc/netclient/" + cs.ServerName + "/root.pem")
if err != nil { if err != nil {
logger.Log(0, "VerifyConnection - unable to read ca", err.Error()) logger.Log(0, "VerifyConnection - unable to read ca", err.Error())
return errors.New("unable to read ca") return errors.New("unable to read ca")