This repository has been archived by the owner on Aug 18, 2020. It is now read-only.
[DEVOPS-992] Fix x509 generator SANs to work with IP addresses #3390
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently on 1.3.0, if an IP SAN is set, it treats it as a DNS name instead and still throws an invalid certificate error, which also can break daedalus on the demo cluster. This is fixed in develop and proposed to be targeted to 1.3.1 release to fix this issue. This would also be an issue for any exchanges running the x509 tool manually to generate a CA that specified SAN's other than localhost, for example if they had a LAN or public IP they wanted the wallet to use and be secured/trusted with SSL by any application/browser with the ca.crt loaded into the trust store.
(cherry picked from commit 834ade8)
Description
https://iohk.myjetbrains.com/youtrack/issue/DEVOPS-992
Linked issue
https://iohk.myjetbrains.com/youtrack/issue/DEVOPS-992
Type of change
Developer checklist
Testing checklist
QA Steps
Screenshots (if available)