src/node/util.ts: Make certificate generation "modern"
Now we add a subject alt name, set extendedKeyUsage and use the correct certificate extension. Together these allow the certificate to be properly trusted by iOS. See https://support.apple.com/en-us/HT210176. *.cert isn't a real extension for certificates; *.crt is the correct one for it to be recognized by e.g. keychain or when importing as a profile into iOS. Updates #1566. I've been able to successfully connect from my iPad Pro now to my code-server instance with a self signed certificate! Next commit will be docs.
parent
10b3028196
commit
8b85006996
@ -145,7 +145,7 @@ pass in an existing certificate by providing the path to `--cert` and the path t
|
|||||||
the key with `--cert-key`.
|
the key with `--cert-key`.
|
||||||
|
|
||||||
The self signed certificate will be generated into
|
The self signed certificate will be generated into
|
||||||
`~/.local/share/code-server/self-signed.cert`.
|
`~/.local/share/code-server/self-signed.crt`.
|
||||||
|
|
||||||
If `code-server` has been passed a certificate it will also respond to HTTPS
|
If `code-server` has been passed a certificate it will also respond to HTTPS
|
||||||
requests and will redirect all HTTP requests to HTTPS.
|
requests and will redirect all HTTP requests to HTTPS.
|
||||||
|
@ -55,7 +55,7 @@ export function humanPath(p?: string): string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export const generateCertificate = async (): Promise<{ cert: string; certKey: string }> => {
|
export const generateCertificate = async (): Promise<{ cert: string; certKey: string }> => {
|
||||||
const certPath = path.join(paths.data, "self-signed.cert")
|
const certPath = path.join(paths.data, "self-signed.crt")
|
||||||
const certKeyPath = path.join(paths.data, "self-signed.key")
|
const certKeyPath = path.join(paths.data, "self-signed.key")
|
||||||
|
|
||||||
const checks = await Promise.all([fs.pathExists(certPath), fs.pathExists(certKeyPath)])
|
const checks = await Promise.all([fs.pathExists(certPath), fs.pathExists(certKeyPath)])
|
||||||
@ -64,9 +64,25 @@ export const generateCertificate = async (): Promise<{ cert: string; certKey: st
|
|||||||
// generate certificates.
|
// generate certificates.
|
||||||
const pem = require("pem") as typeof import("pem")
|
const pem = require("pem") as typeof import("pem")
|
||||||
const certs = await new Promise<import("pem").CertificateCreationResult>((resolve, reject): void => {
|
const certs = await new Promise<import("pem").CertificateCreationResult>((resolve, reject): void => {
|
||||||
pem.createCertificate({ selfSigned: true }, (error, result) => {
|
pem.createCertificate(
|
||||||
|
{
|
||||||
|
selfSigned: true,
|
||||||
|
config: `
|
||||||
|
[req]
|
||||||
|
req_extensions = v3_req
|
||||||
|
|
||||||
|
[ v3_req ]
|
||||||
|
extendedKeyUsage = serverAuth
|
||||||
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
|
[alt_names]
|
||||||
|
DNS.1 = localhost
|
||||||
|
`,
|
||||||
|
},
|
||||||
|
(error, result) => {
|
||||||
return error ? reject(error) : resolve(result)
|
return error ? reject(error) : resolve(result)
|
||||||
})
|
},
|
||||||
|
)
|
||||||
})
|
})
|
||||||
await fs.mkdirp(paths.data)
|
await fs.mkdirp(paths.data)
|
||||||
await Promise.all([fs.writeFile(certPath, certs.certificate), fs.writeFile(certKeyPath, certs.serviceKey)])
|
await Promise.all([fs.writeFile(certPath, certs.certificate), fs.writeFile(certKeyPath, certs.serviceKey)])
|
||||||
|
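Review bot: The new `[alt_names]` section in the `config` template lists only `DNS.1 = localhost`, so a client that reaches code-server by LAN address or hostname (the iPad case in the description) will presumably still see a name mismatch; either derive further `DNS.n`/`IP.n` entries from the configured host or add a comment such as `// SAN is localhost-only by design; remote clients need their own certificate`. The Apple requirements linked in the description also limit validity to 825 days, and the options object sets no `days`, so the lifetime rests on the `pem` default; pinning it, e.g. `days: 365,`, would make that explicit. Separately, the unchanged `fs.writeFile(certKeyPath, certs.serviceKey)` at the end of the hunk passes no mode, so the private key's permissions depend on the process umask; `fs.writeFile(certKeyPath, certs.serviceKey, { mode: 0o600 })` would keep a newly created key owner-only. The body of `generateCertificate` continues outside the visible hunks.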