diff options
| author | Hannu Nyman <hannu.nyman@iki.fi> | 2016-10-06 20:37:59 +0300 |
|---|---|---|
| committer | John Crispin <john@phrozen.org> | 2016-10-26 15:16:52 +0200 |
| commit | 9097dc5ad844c336020be11085e1c8c80390ac9c (patch) | |
| tree | 9ef04dec717c6f62ded30f4277537b5d110679cb /include | |
| parent | 82132540a3efbc98f8f4379b26d4b4541013e69d (diff) | |
| download | upstream-9097dc5ad844c336020be11085e1c8c80390ac9c.tar.gz upstream-9097dc5ad844c336020be11085e1c8c80390ac9c.tar.bz2 upstream-9097dc5ad844c336020be11085e1c8c80390ac9c.zip | |
uhttpd: create self-signed certificates with unique subjects
Add a partially random O= item to the certificate subject in order
to make the automatically generated certificates' subjects unique.
Firefox has problems when several self-signed certificates
with CA:true attribute and identical subjects have been
seen (and stored) by the browser. Reference to upstream bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1147544
https://bugzilla.mozilla.org/show_bug.cgi?id=1056341
https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34
Certificates created by the OpenSSL one-liner fall into that category.
Avoid identical certificate subjects by including a new 'O=' item
with CommonName + a random part (8 chars). Example:
/CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ
That ensures that the browser properly sees the accumulating
certificates as separate items and does not spend time
trying to form a trust chain from them.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions