Re: [I] bug: 3.7.0 版本通过apisix-dashboard 创建的证书,会报找不到SNI [apisix-dashboard]

Fri, 24 May 2024 00:19:18 -0700 


wangchao732 commented on issue #2915:
URL: 
https://github.com/apache/apisix-dashboard/issues/2915#issuecomment-2128774806

   > Here is quick fix. This patch compatible with new apisix ssls api endpoint.
   > 
   > Tested with apisix-3.9.1
   > 
   > ```
   > diff -waur a/api/internal/handler/ssl/ssl.go 
b/api/internal/handler/ssl/ssl.go
   > --- a/api/internal/handler/ssl/ssl.go      2023-03-24 03:11:19.000000000 
+0300
   > +++ b/api/internal/handler/ssl/ssl.go      2024-05-23 19:49:51.161372590 
+0300
   > @@ -198,6 +198,9 @@
   >    for _, item := range ret.Rows {
   >            ssl := &entity.SSL{}
   >            _ = utils.ObjectClone(item, ssl)
   > +          x509_validity, _ := x509CertValidity(ssl.Cert)
   > +          ssl.ValidityStart = x509_validity.NotBefore
   > +          ssl.ValidityEnd = x509_validity.NotAfter
   >            ssl.Key = ""
   >            ssl.Keys = nil
   >            list = append(list, ssl)
   > @@ -327,6 +330,35 @@
   >    return nil, nil
   >  }
   > 
   > +// validity allows unmarshaling the certificate validity date range
   > +type validity struct {
   > +  NotBefore, NotAfter int64
   > +}
   > +
   > +func x509CertValidity(crt string) (*validity, error) {
   > +  if crt == "" {
   > +          return nil, consts.ErrSSLCertificate
   > +  }
   > +
   > +  certDERBlock, _ := pem.Decode([]byte(crt))
   > +  if certDERBlock == nil {
   > +          return nil, consts.ErrSSLCertificateResolution
   > +  }
   > +
   > +  x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
   > +
   > +  if err != nil {
   > +          return nil, consts.ErrSSLCertificateResolution
   > +  }
   > +
   > +  val := validity{}
   > +
   > +  val.NotBefore = x509Cert.NotBefore.Unix()
   > +  val.NotAfter = x509Cert.NotAfter.Unix()
   > +
   > +  return &val, nil
   > +}
   > +
   >  func ParseCert(crt, key string) (*entity.SSL, error) {
   >    if crt == "" || key == "" {
   >            return nil, consts.ErrSSLCertificate
   > @@ -383,8 +415,6 @@
   > 
   >    ssl.Snis = snis
   >    ssl.Key = key
   > -  ssl.ValidityStart = x509Cert.NotBefore.Unix()
   > -  ssl.ValidityEnd = x509Cert.NotAfter.Unix()
   >    ssl.Cert = crt
   > 
   >    return &ssl, nil
   > @@ -424,6 +454,10 @@
   >            return nil, err
   >    }
   > 
   > +  x509_validity, _ := x509CertValidity(input.Cert)
   > +  ssl.ValidityStart = x509_validity.NotBefore
   > +  ssl.ValidityEnd = x509_validity.NotAfter
   > +
   >    return ssl, nil
   >  }
   > ```
   
   Do you mean for me to use apisix version 3.9.1?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to