phpmon/laravel-valet
1
0
Fork 0
mirror of https://github.com/laravel/valet.git synced 2026-02-04 08:10:07 +01:00
Code Activity

Merge pull request #1531 from Tugzrida/fix-openssl-strict-mode

Browse Source 
fix(TLS): create OpenSSL strict-mode compliant certs
This commit is contained in:
Matt Stauffer
2025-10-04 10:22:53 -04:00
committed by GitHub
parent 87141038eb 631fb7a1ca
commit 04eb1b9683
2 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cli/Valet/Site.php
View File

@@ -570,7 +570,7 @@ public function createCa(int $caExpireInDays): void
)); ));
$this->cli->runAsUser(sprintf( $this->cli->runAsUser(sprintf(
'openssl req -new -newkey rsa:2048 -days %s -nodes -x509 -subj "/C=/ST=/O=%s/localityName=/commonName=%s/organizationalUnitName=Developers/emailAddress=%s/" -keyout "%s" -out "%s"', 'openssl req -new -newkey rsa:2048 -days %s -nodes -x509 -subj "/C=/ST=/O=%s/localityName=/commonName=%s/organizationalUnitName=Developers/emailAddress=%s/" -keyout "%s" -out "%s" -addext "basicConstraints=critical,CA:TRUE" -addext "keyUsage=critical,digitalSignature,keyCertSign" -addext "subjectKeyIdentifier=hash"',
$caExpireInDays, $oName, $cName, 'rootcertificate@laravel.valet', $caKeyPath, $caPemPath $caExpireInDays, $oName, $cName, 'rootcertificate@laravel.valet', $caKeyPath, $caPemPath
)); ));
$this->trustCa($caPemPath); $this->trustCa($caPemPath);
@@ -614,7 +614,7 @@ public function createCertificate(string $url, int $caExpireInDays): void
$this->buildCertificateConf($confPath, $url); $this->buildCertificateConf($confPath, $url);
$this->createPrivateKey($keyPath); $this->createPrivateKey($keyPath);
$this->createSigningRequest($url, $keyPath, $csrPath, $confPath); $this->createSigningRequest($url, $keyPath, $csrPath);
$caSrlParam = '-CAserial "'.$caSrlPath.'"'; $caSrlParam = '-CAserial "'.$caSrlPath.'"';
if (! $this->files->exists($caSrlPath)) { if (! $this->files->exists($caSrlPath)) {
@@ -646,11 +646,11 @@ public function createPrivateKey(string $keyPath): void
/** /**
* Create the signing request for the TLS certificate. * Create the signing request for the TLS certificate.
*/ */
public function createSigningRequest(string $url, string $keyPath, string $csrPath, string $confPath): void public function createSigningRequest(string $url, string $keyPath, string $csrPath): void
{ {
$this->cli->runAsUser(sprintf( $this->cli->runAsUser(sprintf(
'openssl req -new -key "%s" -out "%s" -subj "/C=/ST=/O=/localityName=/commonName=%s/organizationalUnitName=/emailAddress=%s%s/" -config "%s"', 'openssl req -new -key "%s" -out "%s" -subj "/C=/ST=/O=/localityName=/commonName=%s/organizationalUnitName=/emailAddress=%s%s/"',
$keyPath, $csrPath, $url, $url, '@laravel.valet', $confPath $keyPath, $csrPath, $url, $url, '@laravel.valet'
)); ));
} }

6
cli/stubs/openssl.conf
View File

@@ -16,9 +16,11 @@ commonName_max = 64
[ v3_req ] [ v3_req ]
# Extensions to add to a certificate request # Extensions to add to a certificate request
basicConstraints = CA:FALSE basicConstraints = critical,CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment keyUsage = critical,nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names subjectAltName = @alt_names
authorityKeyIdentifier = keyid
subjectKeyIdentifier = hash
[alt_names] [alt_names]
DNS.1 = VALET_DOMAIN DNS.1 = VALET_DOMAIN