-
|
Dear CCF Team, I am testing a sample application on ccf-0.16.3. I launch one node using ../tests/sandbox/sandbox.sh -p ./liblogging.virtual.so -n ssh://local_ip:local_port,public_ip:public_port. However when I send curl requests using the generated networkcert.pem I get an error that no alternative certificate subject name matches the target host name 'public_ip'. The IP listed as X509v3 SAN is the 'local_ip'. Any suggestions on how to tackle this issue? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Hello @mohbehnia,
Unfortunately the --san flag in the sandbox script did not correctly forward those flags until #2267, so you will either need to cherry pick that patch to the python infra or wait for the next release to pick up the fix (likely towards the end of this week). The local IP is always added by the framework, to facilitate local operations, other additionals SANs must be specified manually. |
Beta Was this translation helpful? Give feedback.
Hello @mohbehnia,
cchostsupports setting the subject name on the network certificate, and SANs on the node certificates using the following command line switches:cchost --sn "CN=Some Name" --san "iPAddress:10.0.04" --san "dNSName:foo.domain.tld"Unfortunately the --san flag in the sandbox script did not correctly forward those flags until #2267, so you will either need to cherry pick that patch to the python infra or wait for the next release to pick up the fix (likely towards the end of this week).
The local IP is always added by the framework, to facilitate local operations, other additionals SANs must be specified manually.