src/node/util.ts: Make certificate generation "modern"
Now we add a subject alt name, set extendedKeyUsage and use the correct certificate extension. The above allow it to be properly trusted by iOS. See https://support.apple.com/en-us/HT210176 *.cert isn't a real extension for certificates, *.crt is correct for it to be recognized by e.g. keychain or when importing as a profile into iOS. Updates #1566 I've been able to successfully connect from my iPad Pro now to my code-server instance with a self signed certificate! Next commit will be docs.
This commit is contained in:
parent
10b3028196
commit
8b85006996
@ -145,7 +145,7 @@ pass in an existing certificate by providing the path to `--cert` and the path t
|
||||
the key with `--cert-key`.
|
||||
|
||||
The self signed certificate will be generated into
|
||||
`~/.local/share/code-server/self-signed.cert`.
|
||||
`~/.local/share/code-server/self-signed.crt`.
|
||||
|
||||
If `code-server` has been passed a certificate it will also respond to HTTPS
|
||||
requests and will redirect all HTTP requests to HTTPS.
|
||||
|
@ -55,7 +55,7 @@ export function humanPath(p?: string): string {
|
||||
}
|
||||
|
||||
export const generateCertificate = async (): Promise<{ cert: string; certKey: string }> => {
|
||||
const certPath = path.join(paths.data, "self-signed.cert")
|
||||
const certPath = path.join(paths.data, "self-signed.crt")
|
||||
const certKeyPath = path.join(paths.data, "self-signed.key")
|
||||
|
||||
const checks = await Promise.all([fs.pathExists(certPath), fs.pathExists(certKeyPath)])
|
||||
@ -64,9 +64,25 @@ export const generateCertificate = async (): Promise<{ cert: string; certKey: st
|
||||
// generate certificates.
|
||||
const pem = require("pem") as typeof import("pem")
|
||||
const certs = await new Promise<import("pem").CertificateCreationResult>((resolve, reject): void => {
|
||||
pem.createCertificate({ selfSigned: true }, (error, result) => {
|
||||
pem.createCertificate(
|
||||
{
|
||||
selfSigned: true,
|
||||
config: `
|
||||
[req]
|
||||
req_extensions = v3_req
|
||||
|
||||
[ v3_req ]
|
||||
extendedKeyUsage = serverAuth
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = localhost
|
||||
`,
|
||||
},
|
||||
(error, result) => {
|
||||
return error ? reject(error) : resolve(result)
|
||||
})
|
||||
},
|
||||
)
|
||||
})
|
||||
await fs.mkdirp(paths.data)
|
||||
await Promise.all([fs.writeFile(certPath, certs.certificate), fs.writeFile(certKeyPath, certs.serviceKey)])
|
||||
|
Reference in New Issue
Block a user