Skip to content

Commit 421c93b

Browse files
wagoodmanwagoodman
authored
remove disallowed characters from hostname before cert generation (#2800)
Signed-off-by: Alex Goodman <[email protected]>
1 parent c147d66 commit 421c93b

File tree

1 file changed

+5
-3
lines changed

1 file changed

+5
-3
lines changed

grype/db/v5/distribution/test-fixtures/tls/generate-x509-cert-pair.sh

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,9 @@
11
#!/usr/bin/env bash
22
set -eux
33

4+
# we want to still use this on systems where there could be invalid characters in the hostname (e.g. ' or " characters)
5+
HOSTNAME=$(hostname | sed "s/['']/'/g" | sed 's/[^a-zA-Z0-9.-]/-/g')
6+
47
# create private key
58
openssl genrsa -out server.key 2048
69

@@ -11,6 +14,5 @@ openssl req -new -x509 -sha256 \
1114
-days 3650 \
1215
-reqexts SAN \
1316
-extensions SAN \
14-
-config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$(hostname).local")) \
15-
-subj "/C=US/ST=Test/L=Test/O=Test/CN=$(hostname).local"
16-
17+
-config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$HOSTNAME.local")) \
18+
-subj "/C=US/ST=Test/L=Test/O=Test/CN=$HOSTNAME.local"

0 commit comments

Comments
 (0)