feat: generate 2048-bit tls certs #1692

Merged
merged 1 commit into from
Aug 25, 2020


reliveyy
Contributor

This PR generates a 2048-bit TLS certificate instead of a 1024-bit one. Related to ExchangeUnion/xud-docker#533 (comment)

@reliveyy reliveyy requested a review from sangaman June 26, 2020 14:17
@reliveyy reliveyy self-assigned this Jun 26, 2020
@kilrau
Contributor

kilrau commented Jun 26, 2020

As discussed on the call, @sangaman can take over this PR to see if there is an easy way to make changes like this backwards compatible.

const cert = pki.createCertificate();

cert.publicKey = keys.publicKey;
cert.serialNumber = String(Math.floor(Math.random() * 1024) + 1);
cert.serialNumber = String(Math.floor(Math.random() * 2048) + 1);
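
Review bot: The serial-number change on the last line is unrelated to key length: widening `Math.random() * 1024` to `Math.random() * 2048` only changes the range the serial is drawn from, while the modulus size is set wherever the key pair behind `keys.publicKey` is generated, which these lines do not show. A serial picked from 2048 possible values will also repeat quickly across regenerated certificates, and `Math.random()` is not a cryptographic random source. Suggest making the size change in the key generation call and, if the serial is touched at all, drawing it from a CSPRNG over a much larger range.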
Collaborator

I don't think this actually needs to change to use 2048 bit keys. Maybe we can make the serial number indicate that the cert is 2048 bit? Then we'd have an easy way to check if existing certs are 2048 or 1024.

So something like this

cert.serialNumber = `2048-${String(Math.floor(Math.random() * 100000000))}`;

That would give us serial numbers that look like "2048-" followed by a random number up to 8 digits. And I could check if a cert is 2048 bit just by seeing if the serial number starts with "2048".
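
Another way to tell 1024-bit credentials from 2048-bit ones is to read the modulus length from the key itself. The following is an added example, not code from this PR or from xud; it assumes RSA keys and Node's built-in `crypto` module, and `MIN_RSA_BITS`, `rsaBits`, `needsRegeneration` and `samplePublicKeyPem` are hypothetical names.

```javascript
// Added example (not xud's code): classify a stored TLS credential by the
// actual RSA modulus size instead of by a marker in the serial number.
const { X509Certificate, createPublicKey, generateKeyPairSync } = require('node:crypto');

// Assumed policy threshold, matching the size this PR moves to.
const MIN_RSA_BITS = 2048;

// Returns the RSA modulus length in bits for a PEM certificate or PEM public key.
function rsaBits(pem) {
  const key = pem.includes('BEGIN CERTIFICATE')
    ? new X509Certificate(pem).publicKey // certificate: take its embedded public key
    : createPublicKey(pem);              // bare public key
  if (key.asymmetricKeyType !== 'rsa') {
    throw new Error(`not an RSA key: ${key.asymmetricKeyType}`);
  }
  return key.asymmetricKeyDetails.modulusLength;
}

// True when the stored credential is below the threshold and should be
// regenerated. Unreadable or non-RSA material is also treated as stale
// (an assumption of this example: only RSA certificates are expected).
function needsRegeneration(pem) {
  try {
    return rsaBits(pem) < MIN_RSA_BITS;
  } catch (err) {
    return true;
  }
}

// Constructed sample input: freshly generated public keys standing in for
// the key material of an old (1024-bit) and a new (2048-bit) certificate.
function samplePublicKeyPem(bits) {
  const { publicKey } = generateKeyPairSync('rsa', { modulusLength: bits });
  return publicKey.export({ type: 'spki', format: 'pem' });
}
```

Passing the contents of an existing PEM certificate file to `needsRegeneration` takes the certificate branch of `rsaBits`, so certificates issued before a size change are detected without any change to how serial numbers are assigned.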

@kilrau kilrau requested a review from sangaman July 6, 2020 07:31
@kilrau
Contributor

kilrau commented Jul 6, 2020

Would you still want to merge this one? @sangaman

@kilrau kilrau added the P3 low priority label Jul 6, 2020
sangaman
sangaman previously approved these changes Jul 6, 2020
Collaborator

@sangaman sangaman left a comment

Looks good to me with the latest commit, just needs to squash the commit. Also this shouldn't be a chore commit but rather a feat since it's changing something functional with the code.

@kilrau
Contributor

kilrau commented Jul 6, 2020

Could you squash and change the commit to the feat: prefix? @reliveyy

@sangaman sangaman changed the title chore: generate 2048-bit tls certs feat: generate 2048-bit tls certs Aug 25, 2020
Labels
grpc gRPC API P3 low priority