KumiSystems/openwrtv4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
openwrtv4/package/network
History
Hannu Nyman 9097dc5ad8 uhttpd: create self-signed certificates with unique subjects 
Add a partially random O= item to the certificate subject in order
to make the automatically generated certificates' subjects unique.

Firefox has problems when several self-signed certificates
with CA:true attribute and identical subjects have been
seen (and stored) by the browser. Reference to upstream bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1147544
https://bugzilla.mozilla.org/show_bug.cgi?id=1056341
https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34

Certificates created by the OpenSSL one-liner fall into that category.

Avoid identical certificate subjects by including a new 'O=' item
with CommonName + a random part (8 chars). Example:
/CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ

That ensures that the browser properly sees the accumulating
certificates as separate items and does not spend time
trying to form a trust chain from them.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-10-26 15:16:52 +02:00
..
config netifd: Request DHCP option 121 (classless route) by default 2016-10-26 15:16:51 +02:00
ipv6 network/ipv6/map: drop Build/Prepare rule in favor of default one 2016-10-15 11:36:52 +02:00
services uhttpd: create self-signed certificates with unique subjects 2016-10-26 15:16:52 +02:00
utils wwan: rename data files 2016-10-26 15:16:51 +02:00