view docker/backend-dev-e2e/certificates/README @ 3884:cea52400623d

component AP gateway: work around encoding bug in Mastodon: Mastodon is wrongly unquoting URL path in `(request-target)`, and thus Libervia was doing the same to check signature. However that doesn't work with Pleroma which is using the path value used in the request (percent-encoded), and thus Pleroma signatures were rejected. To work around that, signature is first checked without unquoting, and if this fails a new check is done with unquoting. Bug has been reported at https://github.com/mastodon/mastodon/issues/18871 rel 371
author Goffi <goffi@goffi.org>
date Wed, 31 Aug 2022 17:07:03 +0200
parents 73e04040d577
children

These certificates are used to enable TLS for end-to-end testing (to be as
close as possible to the production environment). They are used in other
containers needing TLS certificates (notably Prosody).

They were generated with minica, which can be found at https://github.com/jsha/minica.

The following commands were used:

$ minica --domains "server1.test,*.server1.test,server2.test,server3.test,libervia-backend.test,libervia-web.test"
$ chmod 0644 minica.pem server1.test/cert.pem && chmod 0640 server1.test/key.pem

Note that the certificates are valid for 2 years and 30 days, so they must be renewed after this period.
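
The renewal deadline, the domain list and the key permissions above can be checked mechanically. The script below is an added example, not part of the Libervia repository: it assumes the openssl command-line tool is installed and that the files sit where the commands above leave them, and its function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the files produced by the minica commands above.
# Assumed layout: DIR/minica.pem, DIR/server1.test/cert.pem and key.pem

# Succeeds if CERT ($1) is still valid DAYS ($2) days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds if CERT ($2) verifies against the CA certificate ($1).
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if CERT ($1) is valid for host name $2 (wildcard SANs included).
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Succeeds if FILE ($1) is readable by "other"; a private key must not be.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# audit_certs DIR DAYS NAME...: one line per problem, returns their count.
audit_certs() {
    dir=$1 days=$2; shift 2
    cert=$dir/server1.test/cert.pem key=$dir/server1.test/key.pem
    problems=0
    issued_by "$dir/minica.pem" "$cert" ||
        { echo "cert.pem does not chain to minica.pem"; problems=$((problems + 1)); }
    valid_for_days "$cert" "$days" ||
        { echo "cert.pem expires within $days days"; problems=$((problems + 1)); }
    if world_readable "$key"; then
        echo "key.pem is world-readable"; problems=$((problems + 1))
    fi
    for name in "$@"; do
        covers_host "$cert" "$name" ||
            { echo "cert.pem does not cover $name"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Run the audit when arguments are given, e.g.: sh audit.sh . 30 server1.test
if [ "$#" -gt 0 ]; then audit_certs "$@"; fi
```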