Skip to content

Commit f80dc36

Browse files
positaposita
committed
Inspired by docker-archive-public#1880 (and docker/compose#890 et al.). Make sure ca.pem subject is different from cert.pem subject to work-around OpenSSL bug.
Signed-off-by: Matt Bogosian <mtb19@columbia.edu>
1 parent de5d052 commit f80dc36

File tree

2 files changed

+4
-3
lines changed

2 files changed

+4
-3
lines changed

libmachine/cert/bootstrap.go

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,8 @@ func BootstrapCertificates(authOptions *auth.AuthOptions) error {
2020
// TODO: I'm not super happy about this use of "org", the user should
2121
// have to specify it explicitly instead of implicitly basing it on
2222
// $USER.
23-
org := mcnutils.GetUsername()
23+
caOrg := mcnutils.GetUsername()
24+
org := caOrg + ".<bootstrap>"
2425

2526
bits := 2048
2627

@@ -42,7 +43,7 @@ func BootstrapCertificates(authOptions *auth.AuthOptions) error {
4243
return errors.New("The CA key already exists. Please remove it or specify a different key/cert.")
4344
}
4445

45-
if err := GenerateCACertificate(caCertPath, caPrivateKeyPath, org, bits); err != nil {
46+
if err := GenerateCACertificate(caCertPath, caPrivateKeyPath, caOrg, bits); err != nil {
4647
return fmt.Errorf("Generating CA certificate failed: %s", err)
4748
}
4849
}

libmachine/provision/utils.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ func ConfigureAuth(p Provisioner) error {
6363
driver := p.GetDriver()
6464
machineName := driver.GetMachineName()
6565
authOptions := p.GetAuthOptions()
66-
org := machineName
66+
org := mcnutils.GetUsername() + "." + machineName
6767
bits := 2048
6868

6969
ip, err := driver.GetIP()

0 commit comments

Comments
 (0)