Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CA file #323

Merged
merged 21 commits into from
Aug 2, 2023
Merged

CA file #323

merged 21 commits into from
Aug 2, 2023

Commits on Aug 2, 2023

  1. golangci: disable gochecknoglobals in tests

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    1866909 View commit details
    Browse the repository at this point in the history

  2. fileurl: add test case for data scheme

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    bce2ff6 View commit details
    Browse the repository at this point in the history

  3. readurl: change signature of ReadURL to return []byte and add dedicat… 

    …ed ReadURLString
    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    9413bfb View commit details
    Browse the repository at this point in the history

  4. readurl: add support for reading data scheme 

    Reading data scheme is restricted to base64 only.
    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    5d946f2 View commit details
    Browse the repository at this point in the history

  5. readurl: add ReadFileOrBase64 as a base 64 enabled os.ReadFile wrapper

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    4694023 View commit details
    Browse the repository at this point in the history

  6. tls: add support for loading TLS certificate and key from base64 enco… 

    …ded string
    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    ae2079b View commit details
    Browse the repository at this point in the history

  7. tls: split TLSConfig to TLSClientConfig and TLSServerConfig

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    90cf3e2 View commit details
    Browse the repository at this point in the history

  8. tls: refactor LoadCertificateFromTLSConfig to ConfigureTLSConfig method

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    bff3ecc View commit details
    Browse the repository at this point in the history

  9. tls: add CAFiles to TLSClientConfig

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    29a3f16 View commit details
    Browse the repository at this point in the history

  10. http_transport: add TLSHandshakeTimeout to TLSClientConfig 

    The field order is changed to reflect the field order in http.Transport.
    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    98f9849 View commit details
    Browse the repository at this point in the history

  11. bind: extract TLSClientConfig from HTTPTransportConfig

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    50c920e View commit details
    Browse the repository at this point in the history

  12. bind: add ca-file flag

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    047a37b View commit details
    Browse the repository at this point in the history

  13. bind: extract TLSServerConfig from HTTPServerConfig

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    7ab4b07 View commit details
    Browse the repository at this point in the history

  14. bind: remove tls prefix from tls-[cert,key]-file

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    18a2dfa View commit details
    Browse the repository at this point in the history

  15. e2e/certs: CA signed certificate generation 

    The script generates CA and certificate key pair for each host name used in tests.
We generate X509v3 certificates based on ecdsa-with-SHA256 signing alg.

For developer convenience the certificates also work with localhost DNS name.

Sample generated key

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b1:b4:50:5f:59:1c:7b:9a
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=US, O=Sauce Labs Inc.
        Validity
            Not Before: Aug  2 10:00:27 2023 GMT
            Not After : Aug  1 10:00:27 2024 GMT
        Subject: C=US, O=Sauce Labs Inc., CN=httpbin
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:b4:80:60:3a:eb:00:e7:e0:ba:59:80:bf:c7:b8:
                    9c:f3:48:2b:ab:39:64:e0:8f:a3:ac:79:58:cf:2b:
                    ec:59:71:95:c0:11:a8:ca:b6:6b:a4:91:2f:fc:b0:
                    0c:ba:92:f8:f9:7e:d5:ba:cf:32:aa:c9:80:fd:7b:
                    5e:ad:1e:4b:7a
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                keyid:10:A7:85:A5:DD:41:80:3F:E5:FE:A3:F8:E9:F1:05:81:BE:B0:16:99

            X509v3 Subject Alternative Name:
                DNS:localhost, DNS:httpbin
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:21:00:d2:05:be:ea:10:20:62:3d:13:94:cd:cc:c8:
         37:93:45:1d:73:6a:45:e1:54:20:2a:7c:d3:66:27:93:f9:83:
         3b:02:20:05:e8:a9:94:a0:2f:6a:43:d8:f0:5e:de:33:e5:6b:
         15:26:f7:8e:93:3c:25:81:42:74:8f:e6:db:38:a2:83:b0
    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    ef1352c View commit details
    Browse the repository at this point in the history

  16. e2e: use generated certificates instead of insecure

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    0da0f79 View commit details
    Browse the repository at this point in the history

  17. gh: update go action to generate certificates

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    64d70dc View commit details
    Browse the repository at this point in the history

  18. bind: rename ca-file to cacert-file for better compatibility with curl 

    The curl command has --cacert <file> and --capath <dir> flags.

Forwarder implement the file based approach but supports specifying it multiple times.
With this patch the flag is --cacert-file <path or base64> (env FORWARDER_CACERT_FILE).
We preserve the file suffix for automatic file marking and compatibility with other Forwarder flags.
    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    f78e844 View commit details
    Browse the repository at this point in the history

  19. gh: on CI failure dump docker-compose.yaml

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    fad0324 View commit details
    Browse the repository at this point in the history

  20. http_proxy: log when using custom root CA certificates

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    9ab4444 View commit details
    Browse the repository at this point in the history

  21. http_proxy: log when using custom root CA certificates

    @mmatczuk
    mmatczuk committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    2ec2171 View commit details
    Browse the repository at this point in the history