Fix #390: Use code to generate certificates for client & server #400

GuillaumeSmaha · 2023-01-11T16:12:35Z

I take inspiration from https://go.dev/src/crypto/tls/generate_cert.go to generate the certificate.

certGetCertificate allows more complex pattern like generating a CA and signing another certificate with:

	ca, _ _, err := certGetCertificate(&certConfig{
		isCA: true,
		extKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})

	_, serverCertPEM, serverKeyPEM, err := certGetCertificate(&certConfig{
                signCA: ca
		hosts: []string{
			"0.0.0.0",
			"localhost",
		},
		extKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})

I use ioutil.WriteFile instead of os.WriteFile to be compatible with older go version.

GuillaumeSmaha · 2023-01-26T10:23:15Z

@jpillora Is it what you looked for ?

jpillora · 2023-01-26T10:28:03Z

Sorry I triggered the tests and then forgot about this PR

Looks good from my phone! Hopefully will get some time tomorrow to look at it properly

Thank you for your work 😁

GuillaumeSmaha · 2023-01-26T13:43:40Z

Sorry I triggered the tests and then forgot about this PR

Looks good from my phone! Hopefully will get some time tomorrow to look at it properly

Thank you for your work grin

Your are welcome. Thanks for building this project :)

jpillora · 2023-01-27T11:50:32Z

Merged :) Thanks again!

* Set ServerName (SNI) to *hostname. Useful for spoofing our way through restrictive gateways. * Bump actions/checkout from 2 to 3.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Added --sni switch to control the ServerName when connecting with TLS. Makes 'domain fronting' possible. * feat: dependabot workflow automation for updating dependency Signed-off-by: Pratik Raj <[email protected]> * Bump github.com/fsnotify/fsnotify from 1.4.9 to 1.6.0 (jpillora#389) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * UDP buffer size override with CHISEL_UDP_MAX_SIZE environment variable (jpillora#367) * Add locking around the connection count to fix a data race. (jpillora#342) Co-authored-by: andres-portainer <[email protected]> * fix: small typo error in main.go (jpillora#334) * Respond to /health and /version by request path rather than by the whole url string (jpillora#328) Co-authored-by: bar <[email protected]> * Update version.go (jpillora#288) * Providing chisel's client with a logger level (jpillora#281) Co-authored-by: Barak Sharoni <[email protected]> Co-authored-by: barak-sharoni-velocity <[email protected]> * add EnvBool * Fix jpillora#390: Use code to generate certificates for client & server (jpillora#400) * docker alpine->google-distroless * docker to use scratch * Fix missing NetDialContext: c.config.DialContext (jpillora#398) * actions: setup go v3 * switch to scratch image * update dependabot * move chisel to flyio * update from upstream --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Pratik Raj <[email protected]> Co-authored-by: ip-rw <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pratik Raj <[email protected]> Co-authored-by: Jaime Pillora <[email protected]> Co-authored-by: fsiegmund <[email protected]> Co-authored-by: andres-portainer <[email protected]> Co-authored-by: andres-portainer <[email protected]> Co-authored-by: 0xflotus <[email protected]> Co-authored-by: BigSully <[email protected]> Co-authored-by: bar <[email protected]> Co-authored-by: invist <[email protected]> Co-authored-by: zuzgon <[email protected]> Co-authored-by: Barak Sharoni <[email protected]> Co-authored-by: barak-sharoni-velocity <[email protected]> Co-authored-by: Jaime Pillora <[email protected]> Co-authored-by: Guillaume SMAHA <[email protected]>

* Set ServerName (SNI) to *hostname. Useful for spoofing our way through restrictive gateways. * Bump actions/checkout from 2 to 3.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Added --sni switch to control the ServerName when connecting with TLS. Makes 'domain fronting' possible. * feat: dependabot workflow automation for updating dependency Signed-off-by: Pratik Raj <[email protected]> * Bump github.com/fsnotify/fsnotify from 1.4.9 to 1.6.0 (jpillora#389) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * UDP buffer size override with CHISEL_UDP_MAX_SIZE environment variable (jpillora#367) * Add locking around the connection count to fix a data race. (jpillora#342) Co-authored-by: andres-portainer <[email protected]> * fix: small typo error in main.go (jpillora#334) * Respond to /health and /version by request path rather than by the whole url string (jpillora#328) Co-authored-by: bar <[email protected]> * Update version.go (jpillora#288) * Providing chisel's client with a logger level (jpillora#281) Co-authored-by: Barak Sharoni <[email protected]> Co-authored-by: barak-sharoni-velocity <[email protected]> * add EnvBool * Fix jpillora#390: Use code to generate certificates for client & server (jpillora#400) * docker alpine->google-distroless * docker to use scratch * Fix missing NetDialContext: c.config.DialContext (jpillora#398) * actions: setup go v3 * switch to scratch image * update dependabot * move chisel to flyio * Bump to Go 1.21 (jpillora#440) Co-authored-by: cmeng <[email protected]> * add arm v5 builds (jpillora#395) * Sync with upstream --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Pratik Raj <[email protected]> Co-authored-by: ip-rw <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pratik Raj <[email protected]> Co-authored-by: Jaime Pillora <[email protected]> Co-authored-by: fsiegmund <[email protected]> Co-authored-by: andres-portainer <[email protected]> Co-authored-by: andres-portainer <[email protected]> Co-authored-by: 0xflotus <[email protected]> Co-authored-by: BigSully <[email protected]> Co-authored-by: bar <[email protected]> Co-authored-by: invist <[email protected]> Co-authored-by: zuzgon <[email protected]> Co-authored-by: Barak Sharoni <[email protected]> Co-authored-by: barak-sharoni-velocity <[email protected]> Co-authored-by: Jaime Pillora <[email protected]> Co-authored-by: Guillaume SMAHA <[email protected]> Co-authored-by: cmeng <[email protected]> Co-authored-by: maurerr <[email protected]>

…er (jpillora#400)

* Set ServerName (SNI) to *hostname. Useful for spoofing our way through restrictive gateways. * Bump actions/checkout from 2 to 3.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Added --sni switch to control the ServerName when connecting with TLS. Makes 'domain fronting' possible. * feat: dependabot workflow automation for updating dependency Signed-off-by: Pratik Raj <[email protected]> * Bump github.com/fsnotify/fsnotify from 1.4.9 to 1.6.0 (jpillora#389) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * UDP buffer size override with CHISEL_UDP_MAX_SIZE environment variable (jpillora#367) * Add locking around the connection count to fix a data race. (jpillora#342) Co-authored-by: andres-portainer <[email protected]> * fix: small typo error in main.go (jpillora#334) * Respond to /health and /version by request path rather than by the whole url string (jpillora#328) Co-authored-by: bar <[email protected]> * Update version.go (jpillora#288) * Providing chisel's client with a logger level (jpillora#281) Co-authored-by: Barak Sharoni <[email protected]> Co-authored-by: barak-sharoni-velocity <[email protected]> * add EnvBool * Fix jpillora#390: Use code to generate certificates for client & server (jpillora#400) * docker alpine->google-distroless * docker to use scratch * Fix missing NetDialContext: c.config.DialContext (jpillora#398) * actions: setup go v3 * switch to scratch image * update dependabot * move chisel to flyio * update from upstream --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Pratik Raj <[email protected]> Co-authored-by: ip-rw <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pratik Raj <[email protected]> Co-authored-by: Jaime Pillora <[email protected]> Co-authored-by: fsiegmund <[email protected]> Co-authored-by: andres-portainer <[email protected]> Co-authored-by: andres-portainer <[email protected]> Co-authored-by: 0xflotus <[email protected]> Co-authored-by: BigSully <[email protected]> Co-authored-by: bar <[email protected]> Co-authored-by: invist <[email protected]> Co-authored-by: zuzgon <[email protected]> Co-authored-by: Barak Sharoni <[email protected]> Co-authored-by: barak-sharoni-velocity <[email protected]> Co-authored-by: Jaime Pillora <[email protected]> Co-authored-by: Guillaume SMAHA <[email protected]>

* Set ServerName (SNI) to *hostname. Useful for spoofing our way through restrictive gateways. * Bump actions/checkout from 2 to 3.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Added --sni switch to control the ServerName when connecting with TLS. Makes 'domain fronting' possible. * feat: dependabot workflow automation for updating dependency Signed-off-by: Pratik Raj <[email protected]> * Bump github.com/fsnotify/fsnotify from 1.4.9 to 1.6.0 (jpillora#389) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * UDP buffer size override with CHISEL_UDP_MAX_SIZE environment variable (jpillora#367) * Add locking around the connection count to fix a data race. (jpillora#342) Co-authored-by: andres-portainer <[email protected]> * fix: small typo error in main.go (jpillora#334) * Respond to /health and /version by request path rather than by the whole url string (jpillora#328) Co-authored-by: bar <[email protected]> * Update version.go (jpillora#288) * Providing chisel's client with a logger level (jpillora#281) Co-authored-by: Barak Sharoni <[email protected]> Co-authored-by: barak-sharoni-velocity <[email protected]> * add EnvBool * Fix jpillora#390: Use code to generate certificates for client & server (jpillora#400) * docker alpine->google-distroless * docker to use scratch * Fix missing NetDialContext: c.config.DialContext (jpillora#398) * actions: setup go v3 * switch to scratch image * update dependabot * move chisel to flyio * Bump to Go 1.21 (jpillora#440) Co-authored-by: cmeng <[email protected]> * add arm v5 builds (jpillora#395) * Sync with upstream --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Pratik Raj <[email protected]> Co-authored-by: ip-rw <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pratik Raj <[email protected]> Co-authored-by: Jaime Pillora <[email protected]> Co-authored-by: fsiegmund <[email protected]> Co-authored-by: andres-portainer <[email protected]> Co-authored-by: andres-portainer <[email protected]> Co-authored-by: 0xflotus <[email protected]> Co-authored-by: BigSully <[email protected]> Co-authored-by: bar <[email protected]> Co-authored-by: invist <[email protected]> Co-authored-by: zuzgon <[email protected]> Co-authored-by: Barak Sharoni <[email protected]> Co-authored-by: barak-sharoni-velocity <[email protected]> Co-authored-by: Jaime Pillora <[email protected]> Co-authored-by: Guillaume SMAHA <[email protected]> Co-authored-by: cmeng <[email protected]> Co-authored-by: maurerr <[email protected]>

@testwill

* Set ServerName (SNI) to *hostname. Useful for spoofing our way through restrictive gateways. * Bump actions/checkout from 2 to 3.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Added --sni switch to control the ServerName when connecting with TLS. Makes 'domain fronting' possible. * feat: dependabot workflow automation for updating dependency Signed-off-by: Pratik Raj <[email protected]> * Bump github.com/fsnotify/fsnotify from 1.4.9 to 1.6.0 (jpillora#389) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * UDP buffer size override with CHISEL_UDP_MAX_SIZE environment variable (jpillora#367) * Add locking around the connection count to fix a data race. (jpillora#342) Co-authored-by: andres-portainer <[email protected]> * fix: small typo error in main.go (jpillora#334) * Respond to /health and /version by request path rather than by the whole url string (jpillora#328) Co-authored-by: bar <[email protected]> * Update version.go (jpillora#288) * Providing chisel's client with a logger level (jpillora#281) Co-authored-by: Barak Sharoni <[email protected]> Co-authored-by: barak-sharoni-velocity <[email protected]> * add EnvBool * Fix jpillora#390: Use code to generate certificates for client & server (jpillora#400) * docker alpine->google-distroless * docker to use scratch * Fix missing NetDialContext: c.config.DialContext (jpillora#398) * actions: setup go v3 * switch to scratch image * update dependabot * move chisel to flyio * Bump to Go 1.21 (jpillora#440) Co-authored-by: cmeng <[email protected]> * add arm v5 builds (jpillora#395) * chore: remove refs to deprecated io/ioutil (jpillora#459) thanks @testwill * Bump golang.org/x/crypto from 0.12.0 to 0.16.0 (jpillora#473) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/sync from 0.3.0 to 0.5.0 (jpillora#472) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/setup-go from 3 to 5 (jpillora#484) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump to Go 1.22. Add `.rpm` `.deb` and `.akp` to releases. Fix bad version comparison. * fix chisel version in docker image (closes jpillora#228) * always test with latest stable binaries are already released with latest goreleaser, docker image uses alpine:go, both are latest stable go, so makes sense to always test with latest stable too * SLB mods and garble releaser * Use latest garble --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Pratik Raj <[email protected]> Co-authored-by: ip-rw <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pratik Raj <[email protected]> Co-authored-by: Jaime Pillora <[email protected]> Co-authored-by: fsiegmund <[email protected]> Co-authored-by: andres-portainer <[email protected]> Co-authored-by: andres-portainer <[email protected]> Co-authored-by: 0xflotus <[email protected]> Co-authored-by: BigSully <[email protected]> Co-authored-by: bar <[email protected]> Co-authored-by: invist <[email protected]> Co-authored-by: zuzgon <[email protected]> Co-authored-by: Barak Sharoni <[email protected]> Co-authored-by: barak-sharoni-velocity <[email protected]> Co-authored-by: Jaime Pillora <[email protected]> Co-authored-by: Guillaume SMAHA <[email protected]> Co-authored-by: cmeng <[email protected]> Co-authored-by: maurerr <[email protected]> Co-authored-by: guangwu <[email protected]> Co-authored-by: Leon Verrall <[email protected]>

GuillaumeSmaha added 2 commits January 11, 2023 17:11

Fix jpillora#390: Use code to generate certificates for client & server

8d17676

Run tests against new golang version

92acf71

jpillora merged commit fbc8ad9 into jpillora:master Jan 27, 2023

GuillaumeSmaha deleted the fix_test_go_1.19 branch January 27, 2023 13:36

NewtonMan pushed a commit to OutSystems/chisel that referenced this pull request Oct 11, 2024

Fix jpillora#390: Use code to generate certificates for client & serv…

02235c9

…er (jpillora#400)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix #390: Use code to generate certificates for client & server #400

Fix #390: Use code to generate certificates for client & server #400

Uh oh!

GuillaumeSmaha commented Jan 11, 2023

Uh oh!

GuillaumeSmaha commented Jan 26, 2023

Uh oh!

jpillora commented Jan 26, 2023

Uh oh!

GuillaumeSmaha commented Jan 26, 2023

Uh oh!

jpillora commented Jan 27, 2023

Uh oh!

Uh oh!

Fix #390: Use code to generate certificates for client & server #400

Fix #390: Use code to generate certificates for client & server #400

Uh oh!

Conversation

GuillaumeSmaha commented Jan 11, 2023

Uh oh!

GuillaumeSmaha commented Jan 26, 2023

Uh oh!

jpillora commented Jan 26, 2023

Uh oh!

GuillaumeSmaha commented Jan 26, 2023

Uh oh!

jpillora commented Jan 27, 2023

Uh oh!

Uh oh!