Software / code / prosody
Annotate
certs/makefile @ 11590:5aafb832c91b
core.portmanager: Fix race condition in initialization of SNI cert map
Under some circumstances when hosts and modules are loaded in some
certain order, entries end up missing from the SNI map. This manifests
in e.g. `curl https://localhost:5281/` giving an error about
"unrecognized name".
The `service` argument is `nil` when invoked from the "host-activated"
event, leading it to iterating over every service. And then it would not
be fetching e.g. `http_host` from the config, which explains why https
would sometimes not work due to the missing name entry.
Because when `service` is included, this limits the iteration to
matching entries, while also returning the same value as the `name` loop
variable. Because `name == service when service != nil` we can use name
instead in the body of the loop.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 28 May 2021 17:09:22 +0200 |
| parent | 8593:c4222e36333c |
| rev | line source |
|---|---|
|
8593
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 .DEFAULT: localhost.crt |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 keysize=2048 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 # How to: |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 # First, `make yourhost.cnf` which creates a openssl config file. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 # Then edit this file and fill in the details you want it to have, |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 # and add or change hosts and components it should cover. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 # Then `make yourhost.key` to create your private key, you can |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 # include keysize=number to change the size of the key. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 # Then you can either `make yourhost.csr` to generate a certificate |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 # signing request that you can submit to a CA, or `make yourhost.crt` |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 # to generate a self signed certificate. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 ${.TARGETS:M*.crt}: |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout ${.TARGET:R}.key \ |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 -days 365 -sha256 -out $@ -utf8 -subj /CN=${.TARGET:R} |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 .SUFFIXES: .key .crt |
