Merge remote-tracking branch 'origin/develop' for release 0.2.2

wardenenv · Feb 9, 2020 · b3ea6f4 · b3ea6f4
2 parents 48db02c + d775143
commit b3ea6f4
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,7 +1,18 @@
 # Change Log
 
 ## UNRELEASED [x.y.z](https://github.com/davidalger/warden/tree/x.y.z) (yyyy-mm-dd)
-[All Commits](https://github.com/davidalger/warden/compare/0.2.1..develop)
+[All Commits](https://github.com/davidalger/warden/compare/0.2.2..develop)
+
+## Version [0.2.2](https://github.com/davidalger/warden/tree/0.2.2) (2020-02-09)
+[All Commits](https://github.com/davidalger/warden/compare/0.2.1..0.2.2)
+
+**Enhancements:**
+
+* Updated sign-certificates command to specify "O" value and "extendedKeyUsage" to comply with stricter SSL guidelines (issue [#85](https://github.com/davidalger/warden/issues/85))
+
+**Bug Fixes:**
+
+* Fixed missing CN value on CA used to sign SSL certificates (issue [#85](https://github.com/davidalger/warden/issues/85))
 
 ## Version [0.2.1](https://github.com/davidalger/warden/tree/0.2.1) (2020-01-30)
 [All Commits](https://github.com/davidalger/warden/compare/0.2.0..0.2.1)

diff --git a/commands/install.cmd b/commands/install.cmd
@@ -31,7 +31,7 @@ if [[ ! -f "${WARDEN_SSL_DIR}/rootca/certs/ca.cert.pem" ]]; then
     -config "${WARDEN_DIR}/config/openssl/rootca.conf"        \
     -key "${WARDEN_SSL_DIR}/rootca/private/ca.key.pem"        \
     -out "${WARDEN_SSL_DIR}/rootca/certs/ca.cert.pem"         \
-    -subj "/C=US/O=Warden Proxy Local CA ($(hostname -s))"
+    -subj "/C=US/O=Warden.dev/CN=Warden Proxy Local CA ($(hostname -s))"
 fi
 
 ## trust root ca differently on Fedora, Ubuntu and macOS

diff --git a/commands/sign-certificate.cmd b/commands/sign-certificate.cmd
@@ -32,17 +32,19 @@ openssl genrsa -out "${WARDEN_SSL_DIR}/certs/${CERTIFICATE_NAME}.key.pem" 2048
 echo "==> Generating signing req ${CERTIFICATE_NAME}.crt.pem"
 openssl req -new -sha256 -config <(cat                            \
     "${WARDEN_DIR}/config/openssl/certificate.conf"               \
-    <(printf "subjectAltName = %s" "${CERTIFICATE_SAN_LIST}")     \
+    <(printf "extendedKeyUsage = serverAuth,clientAuth \n         \
+      subjectAltName = %s" "${CERTIFICATE_SAN_LIST}")             \
   )                                                               \
   -key "${WARDEN_SSL_DIR}/certs/${CERTIFICATE_NAME}.key.pem"      \
   -out "${WARDEN_SSL_DIR}/certs/${CERTIFICATE_NAME}.csr.pem"      \
-  -subj "/C=US/CN=${CERTIFICATE_NAME}"
+  -subj "/C=US/O=Warden.dev/CN=${CERTIFICATE_NAME}"
 
 echo "==> Generating certificate ${CERTIFICATE_NAME}.crt.pem"
 openssl x509 -req -days 365 -sha256 -extensions v3_req            \
   -extfile <(cat                                                  \
     "${WARDEN_DIR}/config/openssl/certificate.conf"               \
-    <(printf "subjectAltName = %s" "${CERTIFICATE_SAN_LIST}")     \
+    <(printf "extendedKeyUsage = serverAuth,clientAuth \n         \
+      subjectAltName = %s" "${CERTIFICATE_SAN_LIST}")             \
   )                                                               \
   -CA "${WARDEN_SSL_DIR}/rootca/certs/ca.cert.pem"                \
   -CAkey "${WARDEN_SSL_DIR}/rootca/private/ca.key.pem"            \

diff --git a/version b/version
@@ -1 +1 @@
-0.2.0
+0.2.2