pkg/storage/redis: use SANs cert

Since go1.15, X.509 CommonName is deprecated, switch to a SANs certificate for test redis TLS. While at it, add instruction to genearte cert and build test image. See: https://golang.org/doc/go1.15#commonname
2025-05-31 01:47:33 +02:00 · 2020-08-12 12:43:11 +07:00 · 2020-08-12 12:43:11 +07:00 · 9af2226b5b
commit 9af2226b5b
parent 4b3e07c5f5
9 changed files with 171 additions and 129 deletions
--- a/pkg/storage/redis/testdata/create_test_cert.sh
+++ b/pkg/storage/redis/testdata/create_test_cert.sh
@ -0,0 +1,27 @@
+#!/bin/bash
+
+#!/bin/bash
+mkdir -p tls
+openssl genrsa -out tls/ca.key 4096
+openssl req \
+    -x509 -new -nodes -sha256 \
+    -key tls/ca.key \
+    -days 3650 \
+    -subj '/O=Redis Test/CN=Pomerium CA' \
+    -out tls/ca.crt
+openssl genrsa -out tls/redis.key 2048
+openssl req \
+    -new -sha256 \
+    -key tls/redis.key \
+    -subj '/O=Redis Test/CN=Server' | \
+    openssl x509 \
+        -req -sha256 \
+        -CA tls/ca.crt \
+        -CAkey tls/ca.key \
+        -CAserial tls/ca.txt \
+        -CAcreateserial \
+        -days 3650 \
+        -out tls/redis.crt \
+        -extensions san \
+        -extfile tls/req.conf
+openssl dhparam -out tls/redis.dh 2048