From 8b85006996847580b10092c4b57697f2c3eef5e4 Mon Sep 17 00:00:00 2001 From: Anmol Sethi Date: Fri, 30 Oct 2020 04:35:08 -0400 Subject: [PATCH] src/node/util.ts: Make certificate generation "modern" Now we add a subject alt name, set extendedKeyUsage and use the correct certificate extension. The above allow it to be properly trusted by iOS. See https://support.apple.com/en-us/HT210176 *.cert isn't a real extension for certificates, *.crt is correct for it to be recognized by e.g. keychain or when importing as a profile into iOS. Updates #1566 I've been able to successfully connect from my iPad Pro now to my code-server instance with a self signed certificate! Next commit will be docs. --- doc/FAQ.md | 2 +- src/node/util.ts | 24 ++++++++++++++++++++---- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/doc/FAQ.md b/doc/FAQ.md index 694a0722..5d1407d1 100644 --- a/doc/FAQ.md +++ b/doc/FAQ.md @@ -145,7 +145,7 @@ pass in an existing certificate by providing the path to `--cert` and the path t the key with `--cert-key`. The self signed certificate will be generated into -`~/.local/share/code-server/self-signed.cert`. +`~/.local/share/code-server/self-signed.crt`. If `code-server` has been passed a certificate it will also respond to HTTPS requests and will redirect all HTTP requests to HTTPS. diff --git a/src/node/util.ts b/src/node/util.ts index ee1e85be..20880913 100644 --- a/src/node/util.ts +++ b/src/node/util.ts @@ -55,7 +55,7 @@ export function humanPath(p?: string): string { } export const generateCertificate = async (): Promise<{ cert: string; certKey: string }> => { - const certPath = path.join(paths.data, "self-signed.cert") + const certPath = path.join(paths.data, "self-signed.crt") const certKeyPath = path.join(paths.data, "self-signed.key") const checks = await Promise.all([fs.pathExists(certPath), fs.pathExists(certKeyPath)]) 
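Review bot: Changing `certPath` to `self-signed.crt` in `generateCertificate` means an installation that already holds `self-signed.cert` will no longer satisfy `fs.pathExists(certPath)`. The branch that acts on `checks` sits between this hunk and the next, so this is inferred, but if it regenerates whenever either file is missing, an upgrade would overwrite the existing `self-signed.key`, leave the old `.cert` file behind, and present a new certificate to clients that had trusted the previous one. An unexplained certificate change is exactly what users are told to distrust, so either migrate the old file before the check or document it, for example with `// Older releases wrote self-signed.cert; it is not reused, so a fresh pair is generated and must be re-trusted.` above the `certPath` line.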
@@ -64,9 +64,25 @@ export const generateCertificate = async (): Promise<{ cert: string; certKey: st
 // generate certificates.
 const pem = require("pem") as typeof import("pem")
 const certs = await new Promise((resolve, reject): void => {
- pem.createCertificate({ selfSigned: true }, (error, result) => {
- return error ? reject(error) : resolve(result)
- })
+ pem.createCertificate(
+ {
+ selfSigned: true,
+ config: `
+[req]
+req_extensions = v3_req
+
+[ v3_req ]
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost
+`,
+ },
+ (error, result) => {
+ return error ? reject(error) : resolve(result)
+ },
+ )
 })
 await fs.mkdirp(paths.data)
 await Promise.all([fs.writeFile(certPath, certs.certificate), fs.writeFile(certKeyPath, certs.serviceKey)])
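Review bot: The `[alt_names]` section hard-codes `DNS.1 = localhost`, so the certificate only matches a client that connects using the name localhost. A device reaching the server by another hostname or by IP address (the iPad case in the description) would presumably still hit a name mismatch after trusting the certificate, which pushes users toward clicking through warnings. Consider building the SAN list from the name the server is actually addressed by, e.g. `DNS.1 = ${hostname}` with an `IP.1 = ...` entry where clients use an address, passed in as a parameter of `generateCertificate`. Separately, the unchanged last line writes `certs.serviceKey` with the default file mode; `fs.writeFile(certKeyPath, certs.serviceKey, { mode: 0o600 })` would keep the private key unreadable to other local users. The enclosing function starts above this hunk and continues past it.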