From bae28727bd00e02601b618fe3efe720a675a3e3a Mon Sep 17 00:00:00 2001
From: Anmol Sethi <hi@nhooyr.io>
Date: Fri, 30 Oct 2020 05:26:40 -0400
Subject: [PATCH] src/node/cli.ts: Add --cert-host to configure generated
 certificate hostname

---
 src/node/cli.ts     | 7 ++++++-
 src/node/entry.ts   | 2 +-
 src/node/util.ts    | 9 +++++----
 test/socket.test.ts | 2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/node/cli.ts b/src/node/cli.ts
index 1403d892..4ff35b44 100644
--- a/src/node/cli.ts
+++ b/src/node/cli.ts
@@ -26,6 +26,7 @@ export interface Args extends VsArgs {
   readonly auth?: AuthType
   readonly password?: string
   readonly cert?: OptionalString
+  readonly "cert-host"?: string
   readonly "cert-key"?: string
   readonly "disable-telemetry"?: boolean
   readonly help?: boolean
@@ -101,7 +102,11 @@ const options: Options<Required<Args>> = {
   cert: {
     type: OptionalString,
     path: true,
-    description: "Path to certificate. Generated if no path is provided.",
+    description: "Path to certificate. A self signed certificate is generated if none is provided.",
+  },
+  "cert-host": {
+    type: "string",
+    description: "Hostname to use when generating a self signed certificate.",
   },
   "cert-key": { type: "string", path: true, description: "Path to certificate key when using non-generated cert." },
   "disable-telemetry": { type: "boolean", description: "Disable telemetry." },
diff --git a/src/node/entry.ts b/src/node/entry.ts
index 3fbbb4cf..5184c434 100644
--- a/src/node/entry.ts
+++ b/src/node/entry.ts
@@ -160,7 +160,7 @@ const main = async (args: Args, configArgs: Args): Promise<void> => {
     proxyDomains: args["proxy-domain"],
     socket: args.socket,
     ...(args.cert && !args.cert.value
-      ? await generateCertificate()
+      ? await generateCertificate(args["cert-host"] || "localhost")
       : {
           cert: args.cert && args.cert.value,
           certKey: args["cert-key"],
diff --git a/src/node/util.ts b/src/node/util.ts
index 20880913..b4e175a3 100644
--- a/src/node/util.ts
+++ b/src/node/util.ts
@@ -54,9 +54,9 @@ export function humanPath(p?: string): string {
   return p.replace(os.homedir(), "~")
 }
 
-export const generateCertificate = async (): Promise<{ cert: string; certKey: string }> => {
-  const certPath = path.join(paths.data, "self-signed.crt")
-  const certKeyPath = path.join(paths.data, "self-signed.key")
+export const generateCertificate = async (hostname: string): Promise<{ cert: string; certKey: string }> => {
+  const certPath = path.join(paths.data, `${hostname.replace(/\./g, "_")}.crt`)
+  const certKeyPath = path.join(paths.data, `${hostname.replace(/\./g, "_")}.key`)
 
   const checks = await Promise.all([fs.pathExists(certPath), fs.pathExists(certKeyPath)])
   if (!checks[0] || !checks[1]) {
@@ -67,6 +67,7 @@ export const generateCertificate = async (): Promise<{ cert: string; certKey: st
       pem.createCertificate(
         {
           selfSigned: true,
+          commonName: hostname,
           config: `
 [req]
 req_extensions = v3_req
@@ -76,7 +77,7 @@ extendedKeyUsage = serverAuth
 subjectAltName = @alt_names
 
 [alt_names]
-DNS.1 = localhost
+DNS.1 = ${hostname}
 `,
         },
         (error, result) => {
diff --git a/test/socket.test.ts b/test/socket.test.ts
index 7d4de985..b1e974ad 100644
--- a/test/socket.test.ts
+++ b/test/socket.test.ts
@@ -45,7 +45,7 @@ describe("SocketProxyProvider", () => {
   }
 
   before(async () => {
-    const cert = await generateCertificate()
+    const cert = await generateCertificate("localhost")
     const options = {
       cert: fs.readFileSync(cert.cert),
       key: fs.readFileSync(cert.certKey),