gnosis/lighthouse
1
0
Fork 0
mirror of https://github.com/sigp/lighthouse.git synced 2026-03-03 00:31:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2ce6b51269708a1c28c69a3241028522ebc153df
lighthouse/testing/web3signer_tests/tls/generate.sh
Akihito Nakano 8e891a8bfd Fix web3signer test fails on macOS (#6588) 
* Add lighthouse/key_legacy.p12 for macOS

* Specify `-days 825` to meet Apple's requirements for TLS server certificates

* Remove `-aes256` as it's ignored on exporting

The following warning will appear:
Warning: output encryption option -aes256 ignored with -export

* Update certificates and keys
2024-12-16 05:44:02 +00:00

21 lines
1.8 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# The lighthouse/key_legacy.p12 file is generated specifically for macOS because the default `openssl pkcs12` encoding
# algorithm in OpenSSL v3 is not compatible with the PKCS algorithm used by the Apple Security Framework. The client
# side (using the reqwest crate) relies on the Apple Security Framework to parse PKCS files.
# We don't need to generate web3signer/key_legacy.p12 because the compatibility issue doesn't occur on the web3signer
# side. It seems that web3signer (Java) uses its own implementation to parse PKCS files.
# See https://github.com/sigp/lighthouse/issues/6442#issuecomment-2469252651
# We specify `-days 825` when generating the certificate files because Apple requires TLS server certificates to have a
# validity period of 825 days or fewer.
# See https://github.com/sigp/lighthouse/issues/6442#issuecomment-2474979183
openssl req -x509 -sha256 -nodes -days 825 -newkey rsa:4096 -keyout web3signer/key.key -out web3signer/cert.pem -config web3signer/config &&
openssl pkcs12 -export -out web3signer/key.p12 -inkey web3signer/key.key -in web3signer/cert.pem -password pass:$(cat web3signer/password.txt) &&
cp web3signer/cert.pem lighthouse/web3signer.pem &&
openssl req -x509 -sha256 -nodes -days 825 -newkey rsa:4096 -keyout lighthouse/key.key -out lighthouse/cert.pem -config lighthouse/config &&
openssl pkcs12 -export -out lighthouse/key.p12 -inkey lighthouse/key.key -in lighthouse/cert.pem -password pass:$(cat lighthouse/password.txt) &&
openssl pkcs12 -export -legacy -out lighthouse/key_legacy.p12 -inkey lighthouse/key.key -in lighthouse/cert.pem -password pass:$(cat lighthouse/password.txt) &&
openssl x509 -noout -fingerprint -sha256 -inform pem -in lighthouse/cert.pem | cut -b 20-| sed "s/^/lighthouse /" > web3signer/known_clients.txt
Reference in New Issue View Git Blame Copy Permalink