Initial commit

author Nick Downing <nick.downing@lifx.co>

Mon, 16 Mar 2020 02:56:39 +0000 (13:56 +1100)

committer Nick Downing <nick.downing@lifx.co>

Mon, 16 Mar 2020 03:32:44 +0000 (14:32 +1100)
author Nick Downing <nick.downing@lifx.co>
Mon, 16 Mar 2020 02:56:39 +0000 (13:56 +1100)
committer Nick Downing <nick.downing@lifx.co>
Mon, 16 Mar 2020 03:32:44 +0000 (14:32 +1100)
diff --git a/README.md b/README.md

new file mode 100644 (file)

index 0000000..fb4af35
--- /dev/null
+++ b/README.md
@@ -0,0 +1,41 @@
+### Simple HTTPS server
+
+To use this server, first run `./n.sh` in the `ssl` subdirectory if you need
+to, this will generate a certificate for your SSL server. It has just been run
+and the results checked in at the time of writing, but the certificate will
+expire periodically, so you may need to regenerate it before use.
+
+The certificate which has been generated is in `ssl/localhost_cert_bundle.pem`.
+It goes with the private key in `ssl/localhost.key`. Usually the private key
+is not regenerated when you run `./n.sh` but it can be if you uncomment a line.
+
+You can make your browser accept this certificate by adding the CA to your
+browser. Browsers are quite fussy about this and so some experimentation has
+gone in to creating the `./n.sh` script in such a way as to first create a CA
+and then create a certificate signed by that CA. To add the CA to your browser
+you need the file `ssl/ca_cert.pem`, which can be added via the settings menu.
+
+Having done all this, you should be able to run the HTTPS server by running
+`./simple_https_server.py` in the root of the repository. It will serve the
+current directory. We have placed an `index.html` file in the root for testing.
+You probably want to serve other files, so you can of course add them in also.
+
+When serving, navigate to `https://localhost:8443` in your browser and you
+should see the "Hello, world" message from the testing `index.html` file.
+
+We created this server so that we could easily serve configuration files or
+firmwares to IOT devices on our local network, which for security insist upon
+connecting via HTTPS. We compiled the CA certificate in to the device to make
+it work (IOT devices typically use only a single CA or a smaller set of CAs).
+
+When serving to the local network rather than `localhost`, you will probably
+want to use dotted-decimal notation such as `https://192.168.1.1:8443`. Then
+you must edit the `ssl/localhost.conf` and `ssl/localhost_ext.conf` to put in
+additional IP addresses, using the existing `IP.1 = 127.0.0.1` as an example.
+Once you have done this you will obviously need to regenerate the certificate.
+
+Note that `ssl/localhost_ext.conf` is a cut-down `ssl/localhost.conf` and must
+match. This was confusing when trying to add extra DNS or IP addresses and
+finding the certificate stubbornly included the old set. The reason we did it
+this way is because OpenSSL likes to strip extensions from the certificate in
+the signing process, so we use `ssl/localhost_ext.conf` to add them back in.
diff --git a/simple_https_server.py b/simple_https_server.py

new file mode 100755 (executable)

index 0000000..bb02bd4
--- /dev/null
+++ b/simple_https_server.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+
+# Copyright (c) 2020 Nick Downing.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+import http.server
+import ssl
+
+httpd = http.server.HTTPServer(
+  ('0.0.0.0', 8443),
+  http.server.SimpleHTTPRequestHandler
+)
+httpd.socket = ssl.wrap_socket(
+  httpd.socket, 
+  keyfile = 'ssl/localhost_key.pem', 
+  certfile = 'ssl/localhost_cert_bundle.pem',
+  server_side = True
+)
+httpd.serve_forever()
diff --git a/ssl/ca_cert.pem b/ssl/ca_cert.pem

index c4db8d8..f02ba86 100644 (file)
--- a/ssl/ca_cert.pem
+++ b/ssl/ca_cert.pem
@@ -1,8 +1,8 @@
  -----BEGIN CERTIFICATE-----
-MIIDazCCAlOgAwIBAgIUHS0UI6UJ6pE2o2FaPgcnjxikMW0wDQYJKoZIhvcNAQEL
+MIIDazCCAlOgAwIBAgIUVNcGxNAh1ItjCuDKE6SzqJaL2u4wDQYJKoZIhvcNAQEL
  BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDAzMTYwMjM0NDVaFw0yMDA0
-MTUwMjM0NDVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDAzMTYwMzI1MjJaFw0yMDA0
+MTUwMzI1MjJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
  HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
  AQUAA4IBDwAwggEKAoIBAQDLY+eBF29tRNWwNb4uDdWUAs+7jDybeos94E8tgPKO
  JEc2flBwolka9GU357x9J5v2KCnOuCkKArhL2tmkms5f2F4Eezb/l9DnryUdckqC
@@ -11,11 +11,11 @@ sBwwfve8Ws8xqKryVFvzJM0QXiAjZvxMpLygdbnmjCKKVCY00Mfh20KqHYBMIMHa
  M0RhdRrvi8/2oPfRcMByjZdjn8BQ+yUwQXbzP2MC+iq87lLuxUxEYGaQU4nzIMH1
  7Ga05t6zhF41jqDnrbjKgbgxPGNNxvau/rrpCnr++NQ/AgMBAAGjUzBRMB0GA1Ud
  DgQWBBRBtnDR6bDQjBctACDXe2FTsASBEzAfBgNVHSMEGDAWgBRBtnDR6bDQjBct
-ACDXe2FTsASBEzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB+
-P04SITLD9M6QNRkVagJ2N1Fp5GPmwX/cNj/kFDvyW/5Wt7mloG7DBmz1G749kpIX
-Zcb7cjuSLEyxQGeF1fujq+yHtVGdx8fS9b50s+2oDlpIoCOkXqIG8ktIbRv6FtzC
-UfYGzBmqybw2byVOQ+FoJT7pGJwKWgTrGXlTkmjk39j/Qyv+V3NXjWH5CDIAnj7V
-+xTmySLHI68NVnIL2rBcgS/6eOS8nuuVIjSG+gZv8aHGl2btxZQCg/iDx1anRwpj
-Fy6o9yNoeWfEY5qFWVYKoNi5tC6JBsOYwgdN7VMGGeqadAzG0FnLKLxuvMqUHsSa
-1ywzBVq0Ab07rkaL0HKW
+ACDXe2FTsASBEzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAi
+BAZlvXp/YjZZzSnsGOYFaXaW91vyVLjZa6b6pXayBRgVXSqrAtzZdELcq4TahwCS
+H9lVuliW3fgpeECS2yWCJR0S9K8YoRsbaHyaa82QHy5QXlf3DrwpZXjpqeaYE+RS
+Ww8wvzN7iz8Q9IkoZpn70XE33/EsZZyk+6hynSh8mayN5tGSe+cdCcin+1BGpJKg
+BjOG0nNkszbSQnY6AmvgFXd6ynJ9SjF3ttzo7rDvYSNQa/+OcmK+XNbnWwKguwKY
+cikuqg4CTumGFuE8oATcMeOeY6DGLporz/Xi2W5+iZrrYkP+49By1DMx0QEJcXQX
+2nFAGnlbM8QADmSwKieR
  -----END CERTIFICATE-----
diff --git a/ssl/ca_cert.srl b/ssl/ca_cert.srl

index b882cea..ca30850 100644 (file)
--- a/ssl/ca_cert.srl
+++ b/ssl/ca_cert.srl
@@ -1 +1 @@
-D29D1C6A226490AD
+D29D1C6A226490B5
diff --git a/ssl/localhost.conf b/ssl/localhost.conf

index 6fc7426..feee92d 100644 (file)
--- a/ssl/localhost.conf
+++ b/ssl/localhost.conf
@@ -82,5 +82,6 @@ subjectKeyIdentifier = hash
  #DNS.4 = oats.org
  #DNS.5 = oats.net
  #DNS.6 = oats.in
+IP.1 = 127.0.0.1
  DNS.1 = localhost
  DNS.2 = localhost.localdomain
diff --git a/ssl/localhost_cert.pem b/ssl/localhost_cert.pem

index 1b3206f..d689cae 100644 (file)
--- a/ssl/localhost_cert.pem
+++ b/ssl/localhost_cert.pem
@@ -1,7 +1,7 @@
  -----BEGIN CERTIFICATE-----
-MIIDgDCCAmigAwIBAgIJANKdHGoiZJCtMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+MIIDhjCCAm6gAwIBAgIJANKdHGoiZJC1MA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
  BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQwHhcNMjAwMzE2MDIzNDQ1WhcNMjAwNDE1MDIzNDQ1WjBf
+aWRnaXRzIFB0eSBMdGQwHhcNMjAwMzE2MDMyNTIyWhcNMjAwNDE1MDMyNTIyWjBf
  MQswCQYDVQQGEwJQVDEPMA0GA1UECAwGTGlzYm9hMQ8wDQYDVQQHDAZMaXNib2Ex
  GjAYBgNVBAoMEU9hdHMgSW4gVGhlIFdhdGVyMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
  ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDJLav5I1Dxx9Lzv7DyHig
@@ -10,12 +10,12 @@ Zgm5MmC6tewiol76lsjehUKuG+DmT3n79xSHsj5PC6wkE/IkifcQIeGVJWgQbRR4
  JSGaX4tmmpxNrDDgpVnaXEO8I5KR/jvniAn2DoTKlY5XSIUXlbZQPHdlLdLUU7in
  5M19b9qnIdJRxa4mcOWNtsUHU16SJZAmQBmg4vAhMc4XyJ23YE8cNxUxusKrhoUB
  sWmvjGgbbaYgtwBmCFQNSFiJhyzgg6sdUot7wVXDkXBTJPQRQO82CJyw6YoDnTCL
-AgMBAAGjWTBXMAkGA1UdEwQCMAAwKwYDVR0RBCQwIoIJbG9jYWxob3N0ghVsb2Nh
-bGhvc3QubG9jYWxkb21haW4wHQYDVR0OBBYEFPKfGhTkosDI90l245Si/Ce/CLr/
-MA0GCSqGSIb3DQEBCwUAA4IBAQBHSHgAnIC3GKeoQDr7b/dReXuhHCl/+OUZFHsI
-Bn2rIF7YBPzBEaREpZnNt9MB0g6XvMHMHN2r7j0LWTfXe7/pDrVmwnh2OlHMy8UQ
-6QEs9QE7kPF0RhnQ8ImIBISCMf5kPDveAB3WCZKRb8OB3LSJ7kWWpS0PEax/wdD1
-MPd7cqVT5JafyZNU1DsKxdSok+a6q7a5tooD5Ha72Z5azsXFE+xSu72fMpXZcq8g
-uPuE4f6EW0xRn6/wMN1dgz4+wNkVDztgo2WdTA5pNI8dy3A7fDMXT9ukUWyazlr8
-53Fdb9zti7pMicA8kfVRExtQPRX9VCy7NH4UETkRBPr/VmS3
+AgMBAAGjXzBdMAkGA1UdEwQCMAAwMQYDVR0RBCowKIcEfwAAAYIJbG9jYWxob3N0
+ghVsb2NhbGhvc3QubG9jYWxkb21haW4wHQYDVR0OBBYEFPKfGhTkosDI90l245Si
+/Ce/CLr/MA0GCSqGSIb3DQEBCwUAA4IBAQB2IznGNFVkakv9zd6BBIQeQqkoG/ZW
+Cl6Emq2maCXsJ3Dsp5HUJWqKfop9JXpTXQkGsUFcJX02N8FEYrSsjiF/pzcWsLKk
+RJo9rwgrSbhEQBWgenqnrG0a6uBrbJcP3aDPxpawOfMfrCRQCuSJ6dE8y5MLufyF
++vYuCVHpHvSU8S3M7gd775VMFCKJu0VTlKuyhptVJ9WGf1mgtu5MFeKImeklEQS8
+NGQdd3Vx3Caw07YnTZ3mSkXTti4kzhl6Aw/Up6XLu502rwNHJWfHf+ihY3t3cASu
+yEANvXXZZYJFd+XC909x0h2n6ho4thvlSoew/HZwmywKOm4Pw654v9ZN
  -----END CERTIFICATE-----
diff --git a/ssl/localhost_cert_bundle.pem b/ssl/localhost_cert_bundle.pem

index 0c1c9db..8a33ce6 100644 (file)
--- a/ssl/localhost_cert_bundle.pem
+++ b/ssl/localhost_cert_bundle.pem
@@ -1,7 +1,7 @@
  -----BEGIN CERTIFICATE-----
-MIIDgDCCAmigAwIBAgIJANKdHGoiZJCtMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+MIIDhjCCAm6gAwIBAgIJANKdHGoiZJC1MA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
  BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQwHhcNMjAwMzE2MDIzNDQ1WhcNMjAwNDE1MDIzNDQ1WjBf
+aWRnaXRzIFB0eSBMdGQwHhcNMjAwMzE2MDMyNTIyWhcNMjAwNDE1MDMyNTIyWjBf
  MQswCQYDVQQGEwJQVDEPMA0GA1UECAwGTGlzYm9hMQ8wDQYDVQQHDAZMaXNib2Ex
  GjAYBgNVBAoMEU9hdHMgSW4gVGhlIFdhdGVyMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
  ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDJLav5I1Dxx9Lzv7DyHig
@@ -10,20 +10,20 @@ Zgm5MmC6tewiol76lsjehUKuG+DmT3n79xSHsj5PC6wkE/IkifcQIeGVJWgQbRR4
  JSGaX4tmmpxNrDDgpVnaXEO8I5KR/jvniAn2DoTKlY5XSIUXlbZQPHdlLdLUU7in
  5M19b9qnIdJRxa4mcOWNtsUHU16SJZAmQBmg4vAhMc4XyJ23YE8cNxUxusKrhoUB
  sWmvjGgbbaYgtwBmCFQNSFiJhyzgg6sdUot7wVXDkXBTJPQRQO82CJyw6YoDnTCL
-AgMBAAGjWTBXMAkGA1UdEwQCMAAwKwYDVR0RBCQwIoIJbG9jYWxob3N0ghVsb2Nh
-bGhvc3QubG9jYWxkb21haW4wHQYDVR0OBBYEFPKfGhTkosDI90l245Si/Ce/CLr/
-MA0GCSqGSIb3DQEBCwUAA4IBAQBHSHgAnIC3GKeoQDr7b/dReXuhHCl/+OUZFHsI
-Bn2rIF7YBPzBEaREpZnNt9MB0g6XvMHMHN2r7j0LWTfXe7/pDrVmwnh2OlHMy8UQ
-6QEs9QE7kPF0RhnQ8ImIBISCMf5kPDveAB3WCZKRb8OB3LSJ7kWWpS0PEax/wdD1
-MPd7cqVT5JafyZNU1DsKxdSok+a6q7a5tooD5Ha72Z5azsXFE+xSu72fMpXZcq8g
-uPuE4f6EW0xRn6/wMN1dgz4+wNkVDztgo2WdTA5pNI8dy3A7fDMXT9ukUWyazlr8
-53Fdb9zti7pMicA8kfVRExtQPRX9VCy7NH4UETkRBPr/VmS3
+AgMBAAGjXzBdMAkGA1UdEwQCMAAwMQYDVR0RBCowKIcEfwAAAYIJbG9jYWxob3N0
+ghVsb2NhbGhvc3QubG9jYWxkb21haW4wHQYDVR0OBBYEFPKfGhTkosDI90l245Si
+/Ce/CLr/MA0GCSqGSIb3DQEBCwUAA4IBAQB2IznGNFVkakv9zd6BBIQeQqkoG/ZW
+Cl6Emq2maCXsJ3Dsp5HUJWqKfop9JXpTXQkGsUFcJX02N8FEYrSsjiF/pzcWsLKk
+RJo9rwgrSbhEQBWgenqnrG0a6uBrbJcP3aDPxpawOfMfrCRQCuSJ6dE8y5MLufyF
++vYuCVHpHvSU8S3M7gd775VMFCKJu0VTlKuyhptVJ9WGf1mgtu5MFeKImeklEQS8
+NGQdd3Vx3Caw07YnTZ3mSkXTti4kzhl6Aw/Up6XLu502rwNHJWfHf+ihY3t3cASu
+yEANvXXZZYJFd+XC909x0h2n6ho4thvlSoew/HZwmywKOm4Pw654v9ZN
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
-MIIDazCCAlOgAwIBAgIUHS0UI6UJ6pE2o2FaPgcnjxikMW0wDQYJKoZIhvcNAQEL
+MIIDazCCAlOgAwIBAgIUVNcGxNAh1ItjCuDKE6SzqJaL2u4wDQYJKoZIhvcNAQEL
  BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDAzMTYwMjM0NDVaFw0yMDA0
-MTUwMjM0NDVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDAzMTYwMzI1MjJaFw0yMDA0
+MTUwMzI1MjJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
  HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
  AQUAA4IBDwAwggEKAoIBAQDLY+eBF29tRNWwNb4uDdWUAs+7jDybeos94E8tgPKO
  JEc2flBwolka9GU357x9J5v2KCnOuCkKArhL2tmkms5f2F4Eezb/l9DnryUdckqC
@@ -32,11 +32,11 @@ sBwwfve8Ws8xqKryVFvzJM0QXiAjZvxMpLygdbnmjCKKVCY00Mfh20KqHYBMIMHa
  M0RhdRrvi8/2oPfRcMByjZdjn8BQ+yUwQXbzP2MC+iq87lLuxUxEYGaQU4nzIMH1
  7Ga05t6zhF41jqDnrbjKgbgxPGNNxvau/rrpCnr++NQ/AgMBAAGjUzBRMB0GA1Ud
  DgQWBBRBtnDR6bDQjBctACDXe2FTsASBEzAfBgNVHSMEGDAWgBRBtnDR6bDQjBct
-ACDXe2FTsASBEzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB+
-P04SITLD9M6QNRkVagJ2N1Fp5GPmwX/cNj/kFDvyW/5Wt7mloG7DBmz1G749kpIX
-Zcb7cjuSLEyxQGeF1fujq+yHtVGdx8fS9b50s+2oDlpIoCOkXqIG8ktIbRv6FtzC
-UfYGzBmqybw2byVOQ+FoJT7pGJwKWgTrGXlTkmjk39j/Qyv+V3NXjWH5CDIAnj7V
-+xTmySLHI68NVnIL2rBcgS/6eOS8nuuVIjSG+gZv8aHGl2btxZQCg/iDx1anRwpj
-Fy6o9yNoeWfEY5qFWVYKoNi5tC6JBsOYwgdN7VMGGeqadAzG0FnLKLxuvMqUHsSa
-1ywzBVq0Ab07rkaL0HKW
+ACDXe2FTsASBEzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAi
+BAZlvXp/YjZZzSnsGOYFaXaW91vyVLjZa6b6pXayBRgVXSqrAtzZdELcq4TahwCS
+H9lVuliW3fgpeECS2yWCJR0S9K8YoRsbaHyaa82QHy5QXlf3DrwpZXjpqeaYE+RS
+Ww8wvzN7iz8Q9IkoZpn70XE33/EsZZyk+6hynSh8mayN5tGSe+cdCcin+1BGpJKg
+BjOG0nNkszbSQnY6AmvgFXd6ynJ9SjF3ttzo7rDvYSNQa/+OcmK+XNbnWwKguwKY
+cikuqg4CTumGFuE8oATcMeOeY6DGLporz/Xi2W5+iZrrYkP+49By1DMx0QEJcXQX
+2nFAGnlbM8QADmSwKieR
  -----END CERTIFICATE-----
diff --git a/ssl/localhost_csr.pem b/ssl/localhost_csr.pem

index b28c691..65b429d 100644 (file)
--- a/ssl/localhost_csr.pem
+++ b/ssl/localhost_csr.pem
@@ -1,5 +1,5 @@
  -----BEGIN CERTIFICATE REQUEST-----
-MIIDDDCCAfQCAQAwXzELMAkGA1UEBhMCUFQxDzANBgNVBAgMBkxpc2JvYTEPMA0G
+MIIDEjCCAfoCAQAwXzELMAkGA1UEBhMCUFQxDzANBgNVBAgMBkxpc2JvYTEPMA0G
  A1UEBwwGTGlzYm9hMRowGAYDVQQKDBFPYXRzIEluIFRoZSBXYXRlcjESMBAGA1UE
  AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyS2
  r+SNQ8cfS87+w8h4oAKSJJvVPLXESrjN0OKt8Y/D9lZkh1R2dBX4yrPzWfIS4t4K
@@ -7,13 +7,13 @@ PhMxqJZokSjwO1fVEGYJuTJgurXsIqJe+pbI3oVCrhvg5k95+/cUh7I+TwusJBPy
  JIn3ECHhlSVoEG0UeCUhml+LZpqcTaww4KVZ2lxDvCOSkf4754gJ9g6EypWOV0iF
  F5W2UDx3ZS3S1FO4p+TNfW/apyHSUcWuJnDljbbFB1NekiWQJkAZoOLwITHOF8id
  t2BPHDcVMbrCq4aFAbFpr4xoG22mILcAZghUDUhYiYcs4IOrHVKLe8FVw5FwUyT0
-EUDvNgicsOmKA50wiwIDAQABoGgwZgYJKoZIhvcNAQkOMVkwVzAJBgNVHRMEAjAA
-MCsGA1UdEQQkMCKCCWxvY2FsaG9zdIIVbG9jYWxob3N0LmxvY2FsZG9tYWluMB0G
-A1UdDgQWBBTynxoU5KLAyPdJduOUovwnvwi6/zANBgkqhkiG9w0BAQUFAAOCAQEA
-L4XofNRjzahIDCj/pHVnsaXtioidv5Hp0vE+9LPhzZz/bH/e7s8lJnTalEkPNUxD
-FPwiRar6MILQwn5N1b+kToSoiYDsCL77Y5WSlhcwe7gLwgDTlNwu2H030BZEr0ve
-AEAems45TJk8o3kC5s3dt0KaGbRikub1HMTpFrlQUBLbO848t6qXcZCVjoAWYKlp
-jaYn7r3bWVyZ2W2oIlQ19Tbxz+kG81Vxrg1FtAo7aBHTaOvEskgnEQ2Emc0mbLoe
-YoT0Gg7Vrurl+T5gazmV1WMKszSjP8NKhTUcMESiRIUsmQczWiDBONiH9PGmGKHI
-7aEBzQIK7m3goyS3I4q6nw==
+EUDvNgicsOmKA50wiwIDAQABoG4wbAYJKoZIhvcNAQkOMV8wXTAJBgNVHRMEAjAA
+MDEGA1UdEQQqMCiHBH8AAAGCCWxvY2FsaG9zdIIVbG9jYWxob3N0LmxvY2FsZG9t
+YWluMB0GA1UdDgQWBBTynxoU5KLAyPdJduOUovwnvwi6/zANBgkqhkiG9w0BAQUF
+AAOCAQEAEt695dnLUIBY8Dv+E1VveCURqV9CS+pYZ+ZZqiXYv6deEPHTizHbrmSK
+U2IdCP/IIUL5vtSn3Rlhxif6hNE78Qc1c0qbkIqj464etGgCRwSlIHCxL9OXoDqE
+AMHsql/qtAG1+Oh0J9tRRbcXde2MMeQzipvlSJK/cl4SqTEKy8x9i8vat9RMxbPa
+7YXcDQcezIquuFCncseux3hi19IvBiFMoBaZIo3jfFs7MBaP10pO0O/2cRwgHJMv
+ZrhCaTul6SI+6MJtb9/l3oKLVA7Ti6x6YyVNtgePy+Pyir4mE+iCNW3XIDutb6PH
+/d/WLIcNRFuSV8cSmwa7rG5z8R0kZg==
  -----END CERTIFICATE REQUEST-----
diff --git a/ssl/localhost_ext.conf b/ssl/localhost_ext.conf

index d5005dc..5606c88 100644 (file)
--- a/ssl/localhost_ext.conf
+++ b/ssl/localhost_ext.conf
@@ -1,3 +1,23 @@
+# Copyright (c) 2020 Nick Downing.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
  basicConstraints=CA:FALSE
  subjectAltName=@my_subject_alt_names
  subjectKeyIdentifier = hash
@@ -9,5 +29,6 @@ subjectKeyIdentifier = hash
  #DNS.4 = oats.org
  #DNS.5 = oats.net
  #DNS.6 = oats.in
+IP.1 = 127.0.0.1
  DNS.1 = localhost
  DNS.2 = localhost.localdomain
author	Nick Downing <nick.downing@lifx.co>
	Mon, 16 Mar 2020 02:56:39 +0000 (13:56 +1100)
committer	Nick Downing <nick.downing@lifx.co>
	Mon, 16 Mar 2020 03:32:44 +0000 (14:32 +1100)
README.md	[new file with mode: 0644]	patch \| blob
simple_https_server.py	[new file with mode: 0755]	patch \| blob
ssl/ca_cert.pem		patch \| blob \| history
ssl/ca_cert.srl		patch \| blob \| history
ssl/localhost.conf		patch \| blob \| history
ssl/localhost_cert.pem		patch \| blob \| history
ssl/localhost_cert_bundle.pem		patch \| blob \| history
ssl/localhost_csr.pem		patch \| blob \| history
ssl/localhost_ext.conf		patch \| blob \| history