refactor(ssl): replace openssl dependency with node-forge #29

Open
wants to merge 2 commits into
base: master

Commits on Oct 16, 2018

  1. refactor(ssl): replace openssl dependency with node-forge

    Fewer dependencies means better DX and UX! With this change, devcert no
    longer requires a local installation of `openssl`.
    
    The node-forge library:
     - implements the TLS standard
     - uses native crypto where available, with only a tiny perf hit
     - configures keys and certificates using code, rather than external
       config file processing
     - generates PEM files, but also can connect keys, CAs, CSRs, and certs
       without bouncing off the filesystem
    
    Notes:
    - I had to try many times to get browsers and OSes to verify the chain.
      Ultimately I succeeded by:
    
      - Removing the `authorityKeyIdentifier` extension (considered
        redundant)
      - Generating serial numbers based on the ASN.1 standard
      - Removing all subject attributes but commonName
    
      I hope this remains an acceptable certificate configuration for all
      needs.
    
    - TODO: This can be additionally refactored to remove some of the
      filesystem-dependent steps. For instance, you could change the way
      that child certificate generation accesses the root CA, by reading the
      PEM from the filesystem only once and then threading the CA cert
      object through the necessary arguments. This would speed up and
      simplify the code. I chose not to do it for this round, because it
      would be too large a change for you to safely integrate.
    
    chore: remove openssl config files
    zetlen committed Oct 16, 2018
    f6e8775
  2. fixup: accidental linting

    zetlen committed Oct 16, 2018
    0b2f67e
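
The first commit message mentions generating serial numbers based on the ASN.1 standard. The following is an added example, not code from this pull request or from devcert: it produces a random serial as a hex string (the form node-forge's `cert.serialNumber` takes) that stays positive when encoded as a DER INTEGER, and lints serials for the encodings that commonly break chain verification. The function names `generateSerialHex` and `checkSerialHex` and the sample serials are assumptions made for illustration.

```javascript
// Added example, not devcert's code. Function names are hypothetical.
const { randomBytes } = require('crypto');

// RFC 5280, section 4.1.2.2: a positive integer of at most 20 octets.
const MAX_SERIAL_OCTETS = 20;

// Random serial as a hex string. The first octet is forced into 0x01..0x7f,
// so the DER INTEGER is positive, non-zero and needs no 0x00 pad octet.
function generateSerialHex(octets = 16, rng = randomBytes) {
  if (!Number.isInteger(octets) || octets < 1 || octets > MAX_SERIAL_OCTETS) {
    throw new RangeError(`serial length must be 1..${MAX_SERIAL_OCTETS} octets`);
  }
  const buf = Buffer.from(rng(octets));
  buf[0] = (buf[0] & 0x7f) || 0x01;
  return buf.toString('hex');
}

// Return the reasons a hex serial would be rejected or mis-read once it is
// encoded as a two's-complement DER INTEGER (empty array means acceptable).
function checkSerialHex(hex) {
  if (!/^(?:[0-9a-f]{2})+$/i.test(hex)) return ['not an even-length hex string'];
  const bytes = Buffer.from(hex, 'hex');
  const problems = [];
  if (bytes.length > MAX_SERIAL_OCTETS) problems.push('longer than 20 octets');
  if (bytes[0] & 0x80) problems.push('negative: high bit of first octet is set');
  if (bytes.every((b) => b === 0)) {
    problems.push('zero is not a positive serial');
  } else if (bytes.length > 1 && bytes[0] === 0 && !(bytes[1] & 0x80)) {
    problems.push('non-minimal DER: redundant leading 00 octet');
  }
  return problems;
}

// Constructed sample serials, checked the way a pre-issuance lint would.
for (const s of [generateSerialHex(), '8f3a', '008f3a', '007f', '00']) {
  console.log(s, checkSerialHex(s));
}
```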