Re: [I] bug: 3.7.0 版本通过apisix-dashboard 创建的证书,会报找不到SNI [apisix-dashboard]

Thu, 23 May 2024 10:09:06 -0700 


fatihusta commented on issue #2915:
URL: 
https://github.com/apache/apisix-dashboard/issues/2915#issuecomment-2127662316

   Here is quick fix.
   This patch compatible with new apisix ssls api endpoint.
   
   Tested with apisix-3.9.1
   
   ```
   diff -waur a/api/internal/handler/ssl/ssl.go 
b/api/internal/handler/ssl/ssl.go
   --- a/api/internal/handler/ssl/ssl.go        2023-03-24 03:11:19.000000000 
+0300
   +++ b/api/internal/handler/ssl/ssl.go        2024-05-23 19:49:51.161372590 
+0300
   @@ -198,6 +198,9 @@
        for _, item := range ret.Rows {
                ssl := &entity.SSL{}
                _ = utils.ObjectClone(item, ssl)
   +            x509_validity, _ := x509CertValidity(ssl.Cert)
   +            ssl.ValidityStart = x509_validity.NotBefore
   +            ssl.ValidityEnd = x509_validity.NotAfter
                ssl.Key = ""
                ssl.Keys = nil
                list = append(list, ssl)
   @@ -327,6 +330,35 @@
        return nil, nil
    }
   
   +// validity allows unmarshaling the certificate validity date range
   +type validity struct {
   +    NotBefore, NotAfter int64
   +}
   +
   +func x509CertValidity(crt string) (*validity, error) {
   +    if crt == "" {
   +            return nil, consts.ErrSSLCertificate
   +    }
   +
   +    certDERBlock, _ := pem.Decode([]byte(crt))
   +    if certDERBlock == nil {
   +            return nil, consts.ErrSSLCertificateResolution
   +    }
   +
   +    x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
   +
   +    if err != nil {
   +            return nil, consts.ErrSSLCertificateResolution
   +    }
   +
   +    val := validity{}
   +
   +    val.NotBefore = x509Cert.NotBefore.Unix()
   +    val.NotAfter = x509Cert.NotAfter.Unix()
   +
   +    return &val, nil
   +}
   +
    func ParseCert(crt, key string) (*entity.SSL, error) {
        if crt == "" || key == "" {
                return nil, consts.ErrSSLCertificate
   @@ -383,8 +415,6 @@
   
        ssl.Snis = snis
        ssl.Key = key
   -    ssl.ValidityStart = x509Cert.NotBefore.Unix()
   -    ssl.ValidityEnd = x509Cert.NotAfter.Unix()
        ssl.Cert = crt
   
        return &ssl, nil
   @@ -424,6 +454,10 @@
                return nil, err
        }
   
   +    x509_validity, _ := x509CertValidity(input.Cert)
   +    ssl.ValidityStart = x509_validity.NotBefore
   +    ssl.ValidityEnd = x509_validity.NotAfter
   +
        return ssl, nil
    }
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to