From 012a0c12e85411777b6c6d9444081e1f6156757d Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Sun, 25 Dec 2016 12:07:59 -0800
Subject: adding more error handling on buffer writes, removing old code
---
 system/api/handlers.go | 14 ++++----------
 system/db/config.go | 5 ++++-
 2 files changed, 8 insertions(+), 11 deletions(-)
(limited to 'system')
diff --git a/system/api/handlers.go b/system/api/handlers.go
index 788b2a0..7b59dbd 100644
--- a/system/api/handlers.go
+++ b/system/api/handlers.go
@@ -180,15 +180,6 @@ func toJSON(data []string) ([]byte, error) {
 return buf.Bytes(), nil
 }
-func wrapJSON(json []byte) []byte {
- var buf = &bytes.Buffer{}
- buf.Write([]byte(`{"data":`))
- buf.Write(json)
- buf.Write([]byte(`}`))
-
- return buf.Bytes()
-}
-
 // sendData() should be used any time you want to communicate
 // data back to a foreign client
 func sendData(res http.ResponseWriter, data []byte, code int) {
@@ -196,7 +187,10 @@ func sendData(res http.ResponseWriter, data []byte, code int) {
 res.Header().Set("Access-Control-Allow-Origin", "*")
 res.Header().Set("Content-Type", "application/json")
 res.WriteHeader(code)
- res.Write(data)
+ _, err := res.Write(data)
+ if err != nil {
+ log.Println("Error writing to response in sendData")
+ }
 }
 // SendPreflight is used to respond to a cross-origin "OPTIONS" request
diff --git a/system/db/config.go b/system/db/config.go
index ce76021..45b3952 100644
--- a/system/db/config.go
+++ b/system/db/config.go
@@ -108,7 +108,10 @@ func ConfigAll() ([]byte, error) {
 val := &bytes.Buffer{}
 err := store.View(func(tx *bolt.Tx) error {
 b := tx.Bucket([]byte("__config"))
- val.Write(b.Get([]byte("settings")))
+ _, err := val.Write(b.Get([]byte("settings")))
+ if err != nil {
+ return err
+ }
 return nil
 })
--
cgit v1.2.3
From be0180623c456ea661c3d71fb13dbeb1f1ba7bd1 Mon Sep 17 00:00:00 2001
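Review bot: The new error branch in sendData logs a fixed string and discards err, so the log line never says why the write failed; use `log.Println("Error writing to response in sendData:", err)`. The context lines just above set Access-Control-Allow-Origin to "*" on every response this helper emits, so anything routed through sendData is readable cross-origin — worth confirming that is intended for all of its callers rather than only the public endpoints. sendData's opening lines are outside the hunk.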
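Review bot: The new `val.Write(b.Get(...))` line still dereferences `b` unguarded; `tx.Bucket` returns nil when the "__config" bucket does not exist, so `b.Get` panics inside the View callback before the new error check is ever reached — add `if b == nil { return errors.New("__config bucket not found") }` (or fmt.Errorf, whichever config.go already imports) above it. The check on `val.Write` itself is dead code: bytes.Buffer.Write is documented to always return a nil error, so the nil-bucket case is the only error path this hunk needs. The inner `err :=` also shadows the outer err from store.View, which works but is easy to misread. ConfigAll continues past the end of the hunk.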
From: Steve Manuel
Date: Tue, 27 Dec 2016 10:53:40 -0800
Subject: adding self-signed cert generator for local https/http2 testing
---
 system/tls/devcerts.go | 143 ++++++++++++++++++++++++++++++++++++++++++++++++
 system/tls/enable.go | 3 +-
 system/tls/enabledev.go | 23 ++++++++
 3 files changed, 168 insertions(+), 1 deletion(-)
 create mode 100644 system/tls/devcerts.go
 create mode 100644 system/tls/enabledev.go
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
new file mode 100644
index 0000000..7d07a4a
--- /dev/null
+++ b/system/tls/devcerts.go
@@ -0,0 +1,143 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Modified 2016 by Steve Manuel, Boss Sauce Creative, LLC
+// All modifications are relicensed under the same BSD license
+// found in the LICENSE file.
+
+// Generate a self-signed X.509 certificate for a TLS server. Outputs to
+// 'devcerts/cert.pem' and 'devcerts/key.pem' and will overwrite existing files.
+
+package tls
+
+import (
+ "crypto/ecdsa"
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "encoding/pem"
+ "fmt"
+ "log"
+ "math/big"
+ "net"
+ "os"
+ "path/filepath"
+ "strings"
+ "time"
+
+ "github.com/ponzu-cms/ponzu/system/db"
+)
+
+func publicKey(priv interface{}) interface{} {
+ switch k := priv.(type) {
+ case *rsa.PrivateKey:
+ return &k.PublicKey
+ case *ecdsa.PrivateKey:
+ return &k.PublicKey
+ default:
+ return nil
+ }
+}
+
+func pemBlockForKey(priv interface{}) *pem.Block {
+ switch k := priv.(type) {
+ case *rsa.PrivateKey:
+ return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
+ case *ecdsa.PrivateKey:
+ b, err := x509.MarshalECPrivateKey(k)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Unable to marshal ECDSA private key: %v", err)
+ os.Exit(2)
+ }
+ return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
+ default:
+ return nil
+ }
+}
+
+func setupDev() {
+ var priv interface{}
+ var err error
+
+ priv, err = rsa.GenerateKey(rand.Reader, 2048)
+
+ if err != nil {
+ log.Fatalf("failed to generate private key: %s", err)
+ }
+
+ notBefore := time.Now()
+ notAfter := notBefore.Add(time.Hour * 24 * 30) // valid for 30 days
+
+ serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+ serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+ if err != nil {
+ log.Fatalf("failed to generate serial number: %s", err)
+ }
+
+ template := x509.Certificate{
+ SerialNumber: serialNumber,
+ Subject: pkix.Name{
+ Organization: []string{"Acme Co"},
+ },
+ NotBefore: notBefore,
+ NotAfter: notAfter,
+
+ KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+ ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+ BasicConstraintsValid: true,
+ }
+
+ host := db.ConfigCache("domain")
+ if host == "" {
+ host = "localhost, 0.0.0.0"
+ }
+ hosts := strings.Split(host, ",")
+ for _, h := range hosts {
+ if ip := net.ParseIP(h); ip != nil {
+ template.IPAddresses = append(template.IPAddresses, ip)
+ } else {
+ template.DNSNames = append(template.DNSNames, h)
+ }
+ }
+
+ // make all certs CA
+ template.IsCA = true
+ template.KeyUsage |= x509.KeyUsageCertSign
+
+ derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
+ if err != nil {
+ log.Fatalln("Failed to create certificate:", err)
+ }
+
+ // overwrite/create directory for devcerts
+ pwd, err := os.Getwd()
+ if err != nil {
+ log.Fatalln("Couldn't find working directory to locate or save dev certificates.")
+ }
+
+ devcertsPath := filepath.Join(pwd, "system", "tls", "devcerts")
+
+ err = os.Mkdir(devcertsPath, os.ModePerm|os.ModePerm)
+ if err != nil {
+ log.Fatalln("Failed to create directory to locate or save dev certificates.")
+ }
+
+ certOut, err := os.Create(filepath.Join(devcertsPath, "cert.pem"))
+ if err != nil {
+ log.Fatalf("failed to open devcerts/cert.pem for writing: %s", err)
+ }
+ pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+ certOut.Close()
+ log.Print("written devcerts/cert.pem\n")
+
+ keyOut, err := os.OpenFile(filepath.Join(devcertsPath, "key.pem"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+ if err != nil {
+ log.Print("failed to open devcerts/key.pem for writing:", err)
+ return
+ }
+ pem.Encode(keyOut, pemBlockForKey(priv))
+ keyOut.Close()
+ log.Print("written devcerts/key.pem\n")
+}
diff --git a/system/tls/enable.go b/system/tls/enable.go
index 04f032a..5e16b92 100644
--- a/system/tls/enable.go
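Review bot: The default host list `"localhost, 0.0.0.0"` is split on "," without trimming, so the second element is `" 0.0.0.0"` with a leading space; net.ParseIP rejects it and it lands in DNSNames as a bogus name instead of IPAddresses — trim each entry, e.g. `h = strings.TrimSpace(h)` at the top of the range loop. The output directory is created with `os.ModePerm|os.ModePerm` (the OR is a no-op, and 0777 is wider than a directory holding a private key needs); `os.Mkdir(devcertsPath, 0700)` would match the 0600 already used for key.pem, and note cert.pem via os.Create gets 0666 modulo umask. Both `pem.Encode` calls and both `Close` calls discard their errors, so a short write leaves a truncated PEM file that only surfaces later as a TLS startup failure. Separately, `pemBlockForKey` calls `os.Exit(2)` from library code in package tls; returning the marshal error (or using the same log.Fatal style as setupDev) would be consistent with the rest of the file.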
+++ b/system/tls/enable.go
@@ -65,7 +65,8 @@ func setup() {
 }
-// Enable runs the setup for creating or locating certificates and starts the TLS server
+// Enable runs the setup for creating or locating production certificates and
+// starts the TLS server
 func Enable() {
 setup()
diff --git a/system/tls/enabledev.go b/system/tls/enabledev.go
new file mode 100644
index 0000000..18da161
--- /dev/null
+++ b/system/tls/enabledev.go
@@ -0,0 +1,23 @@
+package tls
+
+import (
+ "log"
+ "net/http"
+ "path/filepath"
+)
+
+// EnableDev generates self-signed SSL certificates to use HTTPS & HTTP/2 while
+// working in a development environment. The certs are saved in a different
+// directory than the production certs (from Let's Encrypt), so that the
+// acme/autocert package doesn't mistake them for it's own.
+// Additionally, a TLS server is started using the default http mux.
+func EnableDev() {
+ setupDev()
+
+ cert := filepath.Join("devcerts", "cert.pem")
+ key := filepath.Join("devcerts", "key.pem")
+ err := http.ListenAndServeTLS(":10443", cert, key, nil)
+ if err != nil {
+ log.Fatalln(err)
+ }
+}
--
cgit v1.2.3
From da91906c2c810ae4101890751aa402851c2556ad Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 11:00:02 -0800
Subject: adding error logging to debug
---
 system/tls/devcerts.go | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index 7d07a4a..5e8801d 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
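Review bot: `http.ListenAndServeTLS(":10443", ...)` binds every interface, so the development server with its self-signed certificate is reachable from the network rather than only from the local machine; `"localhost:10443"` is the safer default for a dev helper. It also relies on package-level defaults — the nil handler means http.DefaultServeMux, and ListenAndServeTLS sets no ReadTimeout/WriteTimeout — so building an explicit `http.Server{Addr: ..., ReadTimeout: ..., WriteTimeout: ...}` and calling its ListenAndServeTLS(cert, key) would mirror the `server` value Enable constructs in enable.go. The cert paths here are relative to the working directory (`filepath.Join("devcerts", ...)`) while setupDev writes under pwd/system/tls/devcerts, so as written the generator and the server only agree on a location when the process runs from system/tls.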
@@ -114,30 +114,29 @@ func setupDev() {
 // overwrite/create directory for devcerts
 pwd, err := os.Getwd()
 if err != nil {
- log.Fatalln("Couldn't find working directory to locate or save dev certificates.")
+ log.Fatalln("Couldn't find working directory to locate or save dev certificates:", err)
 }
 devcertsPath := filepath.Join(pwd, "system", "tls", "devcerts")
+ fmt.Println(devcertsPath)
 err = os.Mkdir(devcertsPath, os.ModePerm|os.ModePerm)
 if err != nil {
- log.Fatalln("Failed to create directory to locate or save dev certificates.")
+ log.Fatalln("Failed to create directory to locate or save dev certificates:", err)
 }
 certOut, err := os.Create(filepath.Join(devcertsPath, "cert.pem"))
 if err != nil {
- log.Fatalf("failed to open devcerts/cert.pem for writing: %s", err)
+ log.Fatalln("Failed to open devcerts/cert.pem for writing:", err)
 }
 pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 certOut.Close()
- log.Print("written devcerts/cert.pem\n")
 keyOut, err := os.OpenFile(filepath.Join(devcertsPath, "key.pem"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 if err != nil {
- log.Print("failed to open devcerts/key.pem for writing:", err)
+ log.Fatalln("Failed to open devcerts/key.pem for writing:", err)
 return
 }
 pem.Encode(keyOut, pemBlockForKey(priv))
 keyOut.Close()
- log.Print("written devcerts/key.pem\n")
 }
--
cgit v1.2.3
From 13e4352d8721700b5114b5643446cbe9449ccbbe Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 11:03:26 -0800
Subject: need vendored system path for tls certs
---
 system/tls/devcerts.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index 5e8801d..d6250a1 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
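Review bot: The `return` kept after the new `log.Fatalln("Failed to open devcerts/key.pem for writing:", err)` is unreachable, because Fatalln exits the process; drop it so the key.pem branch reads like the cert.pem branch above. The added `fmt.Println(devcertsPath)` is an unlabelled debug print to stdout; if it is meant to stay, `log.Println("writing dev certificates to", devcertsPath)` would be consistent with the logging used everywhere else in setupDev. The two `pem.Encode` results on the context lines are still unchecked, so the extra error logging in this hunk does not cover the writes that actually produce the files. setupDev starts before this hunk.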
@@ -117,7 +117,8 @@ func setupDev() {
 log.Fatalln("Couldn't find working directory to locate or save dev certificates:", err)
 }
- devcertsPath := filepath.Join(pwd, "system", "tls", "devcerts")
+ vendorTLSPath := filepath.Join(pwd, "cmd", "ponzu", "vendor", "ponzu-cms", "ponzu", "system", "tls")
+ devcertsPath := filepath.Join(vendorTLSPath, "devcerts")
 fmt.Println(devcertsPath)
 err = os.Mkdir(devcertsPath, os.ModePerm|os.ModePerm)
--
cgit v1.2.3
From ca2e25ed54e18ff392b9be8a76ead76b22370fdd Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 11:08:15 -0800
Subject: updated vendored system path for tls certs
---
 system/tls/devcerts.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index d6250a1..683f459 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
@@ -117,7 +117,7 @@ func setupDev() {
 log.Fatalln("Couldn't find working directory to locate or save dev certificates:", err)
 }
- vendorTLSPath := filepath.Join(pwd, "cmd", "ponzu", "vendor", "ponzu-cms", "ponzu", "system", "tls")
+ vendorTLSPath := filepath.Join(pwd, "cmd", "ponzu", "vendor", "github.com", "ponzu-cms", "ponzu", "system", "tls")
+ devcertsPath := filepath.Join(vendorTLSPath, "devcerts")
 fmt.Println(devcertsPath)
--
cgit v1.2.3
From 60bc804844b8458666225b6a36f88da8f901269d Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 17:31:40 -0800
Subject: adding vendor path to location of certs in EnableDev
---
 system/tls/enabledev.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
(limited to 'system')
diff --git a/system/tls/enabledev.go b/system/tls/enabledev.go
index 18da161..ea0a329 100644
--- a/system/tls/enabledev.go
+++ b/system/tls/enabledev.go
@@ -3,6 +3,7 @@ package tls
 import (
 "log"
 "net/http"
+ "os"
 "path/filepath"
 )
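Review bot: The new `vendorTLSPath` writes the generated private key into a vendored copy of the project under cmd/ponzu/vendor/..., which is a source tree rather than a runtime data directory; a key.pem there is easy to sweep into a commit or a copy of the vendor directory, and the path only resolves when the process is started from the repository root. A location outside the source tree (for example under os.TempDir() or a per-user config directory), or at least a `.gitignore` entry for devcerts, would remove that risk. The hard-coded nine-segment path is also fragile — this series patches it again in the very next commit — so deriving it once in a small helper would be easier to keep correct. setupDev continues beyond both ends of this hunk.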
@@ -14,9 +15,16 @@ import (
 func EnableDev() {
 setupDev()
- cert := filepath.Join("devcerts", "cert.pem")
- key := filepath.Join("devcerts", "key.pem")
- err := http.ListenAndServeTLS(":10443", cert, key, nil)
+ pwd, err := os.Getwd()
+ if err != nil {
+ log.Fatalln("Couldn't find working directory to activate dev certificates:", err)
+ }
+
+ vendorPath := filepath.Join(pwd, "cmd", "ponzu", "vendor", "github.com", "ponzu-cms", "ponzu", "system", "tls")
+
+ cert := filepath.Join(vendorPath, "devcerts", "cert.pem")
+ key := filepath.Join(vendorPath, "devcerts", "key.pem")
+ err = http.ListenAndServeTLS(":10443", cert, key, nil)
 if err != nil {
 log.Fatalln(err)
 }
--
cgit v1.2.3
From 2f5d490c6f61d83cf3bac0481cd4cbf288822965 Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 17:37:23 -0800
Subject: adding digital sig as option for key usage
---
 system/tls/devcerts.go | 1 +
 1 file changed, 1 insertion(+)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index 683f459..0fd00fb 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
@@ -105,6 +105,7 @@ func setupDev() {
 // make all certs CA
 template.IsCA = true
 template.KeyUsage |= x509.KeyUsageCertSign
+ template.KeyUsage |= x509.KeyUsageDigitalSignature
 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
 if err != nil {
--
cgit v1.2.3
From 5155e01f53d90a4bc22550add28fd50035a9e202 Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 17:39:53 -0800
Subject: changing cert to not be a CA
---
 system/tls/devcerts.go | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index 0fd00fb..faa8eb7 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
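Review bot: `vendorPath` repeats, segment for segment, the literal that setupDev builds as vendorTLSPath, so the generator and the server can silently diverge the next time one of them is edited; an unexported helper such as `func devCertsDir() (string, error)` used by both would keep them pointing at the same files. Exiting with log.Fatalln from inside a library package on both the os.Getwd and the ListenAndServeTLS failure also gives the caller no way to shut the server down or report the error; returning an error from EnableDev would be the more reusable shape. The listener still binds ":10443" on all interfaces, which for a dev server carrying a self-signed certificate is wider than needed. EnableDev's doc comment sits just above the hunk.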
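Review bot: The added `template.KeyUsage |= x509.KeyUsageDigitalSignature` is a no-op: the template literal earlier in setupDev already initialises KeyUsage to `x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature`, so this line changes nothing and can be dropped, or the full usage set can be assembled once at the literal so readers see it in one place. setupDev continues outside the hunk on both sides.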
@@ -79,7 +79,7 @@ func setupDev() {
 template := x509.Certificate{
 SerialNumber: serialNumber,
 Subject: pkix.Name{
- Organization: []string{"Acme Co"},
+ Organization: []string{"Ponzu Dev Server"},
 },
 NotBefore: notBefore,
 NotAfter: notAfter,
@@ -103,9 +103,8 @@ func setupDev() {
 }
 // make all certs CA
- template.IsCA = true
- template.KeyUsage |= x509.KeyUsageCertSign
- template.KeyUsage |= x509.KeyUsageDigitalSignature
+ // template.IsCA = true
+ // template.KeyUsage |= x509.KeyUsageCertSign
 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
 if err != nil {
--
cgit v1.2.3
From a826762a43e49f33f5be22b2a05ed7b9a1ce3dc6 Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 17:49:09 -0800
Subject: add additional cert usage back for testing
---
 system/tls/devcerts.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index faa8eb7..8b2f013 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
@@ -24,7 +24,6 @@ import (
 "net"
 "os"
 "path/filepath"
- "strings"
 "time"
 "github.com/ponzu-cms/ponzu/system/db"
@@ -89,11 +88,12 @@ func setupDev() {
 BasicConstraintsValid: true,
 }
- host := db.ConfigCache("domain")
- if host == "" {
- host = "localhost, 0.0.0.0"
+ hosts := []string{"localhost", "0.0.0.0"}
+ domain := db.ConfigCache("domain")
+ if domain != "" {
+ hosts = append(hosts, domain)
 }
- hosts := strings.Split(host, ",")
+
 for _, h := range hosts {
 if ip := net.ParseIP(h); ip != nil {
 template.IPAddresses = append(template.IPAddresses, ip)
@@ -102,9 +102,10 @@ func setupDev() {
 }
 }
+ hosts = []string{"localhost", "0.0.0.0"}
 // make all certs CA
 // template.IsCA = true
- // template.KeyUsage |= x509.KeyUsageCertSign
+ template.KeyUsage |= x509.KeyUsageCertSign
 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
 if err != nil {
--
cgit v1.2.3
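Review bot: The added `hosts = []string{"localhost", "0.0.0.0"}` after the range loop is a dead assignment — nothing reads hosts afterwards — and looks like a leftover from experimenting; delete it. In the same hunk `template.KeyUsage |= x509.KeyUsageCertSign` is re-enabled while `template.IsCA = true` stays commented out, so the certificate would carry the certSign key usage with cA=FALSE in its (critical, since BasicConstraintsValid is set) basic constraints, which is contradictory and which some verifiers may reject; either both lines are on or both are off. Replacing the old strings.Split path with an explicit `hosts` slice in the earlier hunk is a good change, since it removes the untrimmed " 0.0.0.0" entry that the previous default produced. setupDev continues outside this hunk.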
From e13cbb199623a8462297bebb4a22952418cc046d Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 17:51:26 -0800
Subject: adding CA option back for testing
---
 system/tls/devcerts.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index 8b2f013..b7d256e 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
@@ -102,9 +102,8 @@ func setupDev() {
 }
 }
- hosts = []string{"localhost", "0.0.0.0"}
 // make all certs CA
- // template.IsCA = true
+ template.IsCA = true
 template.KeyUsage |= x509.KeyUsageCertSign
 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
--
cgit v1.2.3
From 12f8a4bb8ddb06f3e5c9706b19033566ea4b068a Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 18:03:20 -0800
Subject: remove old certs if found
---
 system/tls/devcerts.go | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index b7d256e..d22f541 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
@@ -121,6 +121,12 @@ func setupDev() {
 devcertsPath := filepath.Join(vendorTLSPath, "devcerts")
 fmt.Println(devcertsPath)
+ // clear all old certs if found
+ err = os.RemoveAll(devcertsPath)
+ if err != nil {
+ log.Fatalln("Failed to remove old files from dev certificate directory:", err)
+ }
+
 err = os.Mkdir(devcertsPath, os.ModePerm|os.ModePerm)
 if err != nil {
 log.Fatalln("Failed to create directory to locate or save dev certificates:", err)
--
cgit v1.2.3
From 35d9b7643685812ef67c4861df405d553a0107d4 Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 18:13:13 -0800
Subject: trying alternate key gen algorithm
---
 system/tls/devcerts.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index d22f541..1ec141a 100644
--- a/system/tls/devcerts.go
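Review bot: With `template.IsCA = true` restored next to the `KeyUsageCertSign` on the context line, the self-signed certificate setupDev writes is a CA certificate whose private key sits in key.pem on disk; if a developer imports cert.pem into a browser or OS trust store to silence the warning, that key can then issue certificates for any name that store will accept, which is far more than a local dev server needs. A server certificate only needs the ServerAuth EKU and the DigitalSignature/KeyEncipherment usages the template literal already sets, so leaving IsCA false is the safer default; if a CA is genuinely required, generate a separate CA key and sign a leaf with it instead of making the leaf itself a CA. The `// make all certs CA` comment should record why the CA flag is needed for local testing, since this series flips it several times. setupDev continues outside this hunk.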
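Review bot: `os.RemoveAll(devcertsPath)` deletes recursively whatever devcertsPath resolves to, and devcertsPath is os.Getwd() plus a fixed vendor path, so if the process is started from an unexpected directory this wipes a tree that never held dev certificates. A narrower cleanup is to remove only the two files the code writes — `os.Remove(filepath.Join(devcertsPath, "cert.pem"))` and the same for key.pem, treating os.IsNotExist as success — and then `os.MkdirAll` the directory. That also avoids the window between RemoveAll and the `os.Mkdir(devcertsPath, os.ModePerm|os.ModePerm)` on the context line below, where the directory is recreated with 0777. setupDev continues outside this hunk.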
+++ b/system/tls/devcerts.go
@@ -13,6 +13,7 @@ package tls
 import (
 "crypto/ecdsa"
+ "crypto/elliptic"
 "crypto/rand"
 "crypto/rsa"
 "crypto/x509"
@@ -60,7 +61,8 @@ func setupDev() {
 var priv interface{}
 var err error
- priv, err = rsa.GenerateKey(rand.Reader, 2048)
+ // priv, err = rsa.GenerateKey(rand.Reader, 2048)
+ priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
 if err != nil {
 log.Fatalf("failed to generate private key: %s", err)
--
cgit v1.2.3
From 8243295555ad5b12ddc1cad8f08860ce126fa8d4 Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 18:18:17 -0800
Subject: adding alternate usage and ca options
---
 system/tls/devcerts.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index 1ec141a..cac7491 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
@@ -105,8 +105,8 @@ func setupDev() {
 }
 // make all certs CA
- template.IsCA = true
- template.KeyUsage |= x509.KeyUsageCertSign
+ // template.IsCA = true
+ // template.KeyUsage |= x509.KeyUsageCertSign
 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
 if err != nil {
--
cgit v1.2.3
From 274075efa0173b9085f9955f6595cc7fe441776b Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 18:23:07 -0800
Subject: trying alternate key gen algorithm
---
 system/tls/devcerts.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index cac7491..e1fc4e3 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
@@ -62,7 +62,8 @@ func setupDev() {
 var err error
 // priv, err = rsa.GenerateKey(rand.Reader, 2048)
- priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+ // priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+ priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
 if err != nil {
 log.Fatalf("failed to generate private key: %s", err)
--
cgit v1.2.3
From c652d31a3c620340f8c1fbc65042f1c769006a91 Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Tue, 27 Dec 2016 18:26:03 -0800
Subject: trying alternate key gen algorithm
---
 system/tls/devcerts.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index e1fc4e3..4d0c9f3 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
@@ -106,8 +106,8 @@ func setupDev() {
 }
 // make all certs CA
- // template.IsCA = true
- // template.KeyUsage |= x509.KeyUsageCertSign
+ template.IsCA = true
+ template.KeyUsage |= x509.KeyUsageCertSign
 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
 if err != nil {
--
cgit v1.2.3
From 659154da8b8d8ade0abd0c8da4f928f108a7558d Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Wed, 28 Dec 2016 08:46:34 -0800
Subject: adding more desctiptive print messages, putting devhttps server on goroutine
---
 system/tls/enable.go | 4 ++--
 system/tls/enabledev.go | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
(limited to 'system')
diff --git a/system/tls/enable.go b/system/tls/enable.go
index 5e16b92..77ff287 100644
--- a/system/tls/enable.go
+++ b/system/tls/enable.go
@@ -65,7 +65,7 @@ func setup() {
 }
-// Enable runs the setup for creating or locating production certificates and
+// Enable runs the setup for creating or locating production certificates and
 // starts the TLS server
 func Enable() {
 setup()
@@ -76,5 +76,5 @@ func Enable() {
 }
 go log.Fatalln(server.ListenAndServeTLS("", ""))
- fmt.Println("Server listening for HTTPS requests...")
+ fmt.Println("Server listening on :443 for HTTPS requests...")
 }
diff --git a/system/tls/enabledev.go b/system/tls/enabledev.go
index ea0a329..092701a 100644
--- a/system/tls/enabledev.go
+++ b/system/tls/enabledev.go
@@ -1,6 +1,7 @@
 package tls
 import (
+ "fmt"
 "log"
 "net/http"
 "os"
@@ -24,8 +25,7 @@ func EnableDev() {
 cert := filepath.Join(vendorPath, "devcerts", "cert.pem")
 key := filepath.Join(vendorPath, "devcerts", "key.pem")
- err = http.ListenAndServeTLS(":10443", cert, key, nil)
- if err != nil {
- log.Fatalln(err)
- }
+
+ go log.Fatalln(http.ListenAndServeTLS(":10443", cert, key, nil))
+ fmt.Println("Server listening on :10443 for HTTPS requests... [DEV]")
 }
--
cgit v1.2.3
From abb215898632a947adf1c3cbf4a1a6abc83c477c Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Wed, 28 Dec 2016 15:34:15 -0800
Subject: reverting to more simple key gen algorithm
---
 system/tls/devcerts.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index 4d0c9f3..d22f541 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
@@ -13,7 +13,6 @@ package tls
 import (
 "crypto/ecdsa"
- "crypto/elliptic"
 "crypto/rand"
 "crypto/rsa"
 "crypto/x509"
@@ -61,9 +60,7 @@ func setupDev() {
 var priv interface{}
 var err error
- // priv, err = rsa.GenerateKey(rand.Reader, 2048)
- // priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
- priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
+ priv, err = rsa.GenerateKey(rand.Reader, 2048)
 if err != nil {
 log.Fatalf("failed to generate private key: %s", err)
--
cgit v1.2.3
From cdc165406e11090263236a5a6afce3e84077bdf9 Mon Sep 17 00:00:00 2001
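Review bot: `go log.Fatalln(http.ListenAndServeTLS(":10443", cert, key, nil))` does not put the server on a goroutine: Go evaluates the arguments of a go statement in the calling goroutine, so ListenAndServeTLS blocks right here and only the Fatalln call is deferred to the new goroutine, which means the `fmt.Println` below is reached only after the server has already stopped. If the intent is to print after starting, wrap the whole call: `go func() { log.Fatalln(http.ListenAndServeTLS(":10443", cert, key, nil)) }()`, and keep in mind that a Fatalln inside a goroutine still exits the whole process. The context line `go log.Fatalln(server.ListenAndServeTLS("", ""))` in the enable.go hunk of this commit has the same shape and the same problem. EnableDev's opening lines are outside the hunk.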
From: Steve Manuel
Date: Wed, 28 Dec 2016 15:42:11 -0800
Subject: adding hint to troubleshoot ssl cert issues on chrome
---
 system/tls/enabledev.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'system')
diff --git a/system/tls/enabledev.go b/system/tls/enabledev.go
index 092701a..35c8e45 100644
--- a/system/tls/enabledev.go
+++ b/system/tls/enabledev.go
@@ -27,5 +27,8 @@ func EnableDev() {
 key := filepath.Join(vendorPath, "devcerts", "key.pem")
 go log.Fatalln(http.ListenAndServeTLS(":10443", cert, key, nil))
- fmt.Println("Server listening on :10443 for HTTPS requests... [DEV]")
+ fmt.Println("Server listening on https://localhost:10443 for requests... [DEV]")
+ fmt.Println("----")
+ fmt.Println("If your browser rejects HTTPS requests, try allowing insecure connections on localhost.")
+ fmt.Println("on Chrome, visit chrome://flags/#allow-insecure-localhost")
 }
--
cgit v1.2.3
From 44a55ad6a05bc720e44f3dd762ca1d9cf3f5579a Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Wed, 28 Dec 2016 15:48:22 -0800
Subject: removing old fmt print for debug
---
 system/tls/devcerts.go | 1 -
 1 file changed, 1 deletion(-)
(limited to 'system')
diff --git a/system/tls/devcerts.go b/system/tls/devcerts.go
index d22f541..b41f099 100644
--- a/system/tls/devcerts.go
+++ b/system/tls/devcerts.go
@@ -119,7 +119,6 @@ func setupDev() {
 vendorTLSPath := filepath.Join(pwd, "cmd", "ponzu", "vendor", "github.com", "ponzu-cms", "ponzu", "system", "tls")
 devcertsPath := filepath.Join(vendorTLSPath, "devcerts")
- fmt.Println(devcertsPath)
 // clear all old certs if found
 err = os.RemoveAll(devcertsPath)
--
cgit v1.2.3
From 8e5aca003ca90e65b9812a4a826a5f8b768b59bb Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Wed, 28 Dec 2016 16:03:16 -0800
Subject: moving call point of goroutine to be more visible to user
---
 system/tls/enable.go | 2 +-
 system/tls/enabledev.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'system')
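Review bot: The hint pointing at `chrome://flags/#allow-insecure-localhost` tells users to switch off certificate validation for every localhost origin in their browser, which also silences warnings from any other local service, not just this one; a narrower instruction is to trust the generated cert.pem itself, and the message could say where that file is written. The first Println now advertises https://localhost:10443 while the listener on the context line binds ":10443" on all interfaces, so the text and the bind address disagree; using "localhost:10443" in ListenAndServeTLS would make them match and keep the dev server off the network. Because of the `go log.Fatalln(...)` evaluation order on the context line, these prints are still only reached after the listener returns. EnableDev's opening lines are outside the hunk.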
diff --git a/system/tls/enable.go b/system/tls/enable.go
index 77ff287..7017201 100644
--- a/system/tls/enable.go
+++ b/system/tls/enable.go
@@ -75,6 +75,6 @@ func Enable() {
 TLSConfig: &tls.Config{GetCertificate: m.GetCertificate},
 }
- go log.Fatalln(server.ListenAndServeTLS("", ""))
+ log.Fatalln(server.ListenAndServeTLS("", ""))
 fmt.Println("Server listening on :443 for HTTPS requests...")
 }
diff --git a/system/tls/enabledev.go b/system/tls/enabledev.go
index 35c8e45..394666b 100644
--- a/system/tls/enabledev.go
+++ b/system/tls/enabledev.go
@@ -26,7 +26,7 @@ func EnableDev() {
 cert := filepath.Join(vendorPath, "devcerts", "cert.pem")
 key := filepath.Join(vendorPath, "devcerts", "key.pem")
- go log.Fatalln(http.ListenAndServeTLS(":10443", cert, key, nil))
+ log.Fatalln(http.ListenAndServeTLS(":10443", cert, key, nil))
 fmt.Println("Server listening on https://localhost:10443 for requests... [DEV]")
 fmt.Println("----")
 fmt.Println("If your browser rejects HTTPS requests, try allowing insecure connections on localhost.")
--
cgit v1.2.3
From 5c340ca57e876a556a5b57e5a7dd32b0ae288440 Mon Sep 17 00:00:00 2001
From: Steve Manuel
Date: Wed, 28 Dec 2016 16:12:49 -0800
Subject: moving dev notes in run command to main
---
 system/tls/enable.go | 1 -
 system/tls/enabledev.go | 5 -----
 2 files changed, 6 deletions(-)
(limited to 'system')
diff --git a/system/tls/enable.go b/system/tls/enable.go
index 7017201..c6f65b3 100644
--- a/system/tls/enable.go
+++ b/system/tls/enable.go
@@ -76,5 +76,4 @@ func Enable() {
 }
 log.Fatalln(server.ListenAndServeTLS("", ""))
- fmt.Println("Server listening on :443 for HTTPS requests...")
 }
diff --git a/system/tls/enabledev.go b/system/tls/enabledev.go
index 394666b..3550fc0 100644
--- a/system/tls/enabledev.go
+++ b/system/tls/enabledev.go
@@ -1,7 +1,6 @@
 package tls
 import (
- "fmt"
 "log"
 "net/http"
 "os"
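Review bot: Dropping `go` makes `log.Fatalln(server.ListenAndServeTLS("", ""))` block until the listener returns, so the `fmt.Println("Server listening on :443 ...")` on the next context line is unreachable in the normal case and misleading when it does run, because the server has already died; if the goal is to announce the port, print before the blocking call. Fatalln on every return value also turns a graceful stop into a fatal exit once shutdown support is added, since ListenAndServeTLS then returns http.ErrServerClosed (Go 1.8+); `if err := server.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed { log.Fatalln(err) }` keeps the exit for real failures. The enabledev.go hunk in this commit has the same ordering with its own Println lines. Enable's opening lines are outside the hunk.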
@@ -27,8 +26,4 @@ func EnableDev() {
 key := filepath.Join(vendorPath, "devcerts", "key.pem")
 log.Fatalln(http.ListenAndServeTLS(":10443", cert, key, nil))
- fmt.Println("Server listening on https://localhost:10443 for requests... [DEV]")
- fmt.Println("----")
- fmt.Println("If your browser rejects HTTPS requests, try allowing insecure connections on localhost.")
- fmt.Println("on Chrome, visit chrome://flags/#allow-insecure-localhost")
 }
--
cgit v1.2.3