From f80dc360c702e86d36c8af2cbceb60c13ce41eaf Mon Sep 17 00:00:00 2001 From: Matt Bogosian Date: Sat, 26 Sep 2015 02:49:40 -0700 Subject: [PATCH] Inspired by #1880 (and docker/compose#890 et al.). Make sure `ca.pem` subject is different from `cert.pem` subject to work-around OpenSSL bug. Signed-off-by: Matt Bogosian --- libmachine/cert/bootstrap.go | 5 +++-- libmachine/provision/utils.go | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/libmachine/cert/bootstrap.go b/libmachine/cert/bootstrap.go index 00b568a120..ece60cdd7f 100644 --- a/libmachine/cert/bootstrap.go +++ b/libmachine/cert/bootstrap.go @@ -20,7 +20,8 @@ func BootstrapCertificates(authOptions *auth.AuthOptions) error { // TODO: I'm not super happy about this use of "org", the user should // have to specify it explicitly instead of implicitly basing it on // $USER. - org := mcnutils.GetUsername() + caOrg := mcnutils.GetUsername() + org := caOrg + "." bits := 2048 @@ -42,7 +43,7 @@ func BootstrapCertificates(authOptions *auth.AuthOptions) error { return errors.New("The CA key already exists. Please remove it or specify a different key/cert.") } - if err := GenerateCACertificate(caCertPath, caPrivateKeyPath, org, bits); err != nil { + if err := GenerateCACertificate(caCertPath, caPrivateKeyPath, caOrg, bits); err != nil { return fmt.Errorf("Generating CA certificate failed: %s", err) } } diff --git a/libmachine/provision/utils.go b/libmachine/provision/utils.go index 68f1e471d4..8504053ea8 100644 --- a/libmachine/provision/utils.go +++ b/libmachine/provision/utils.go @@ -63,7 +63,7 @@ func ConfigureAuth(p Provisioner) error { driver := p.GetDriver() machineName := driver.GetMachineName() authOptions := p.GetAuthOptions() - org := machineName + org := mcnutils.GetUsername() + "." + machineName bits := 2048 ip, err := driver.GetIP()