Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls/generate_cert.go: Organization name and file names #25157

Closed
gertcuykens opened this issue Apr 29, 2018 · 5 comments
Closed

crypto/tls/generate_cert.go: Organization name and file names #25157

gertcuykens opened this issue Apr 29, 2018 · 5 comments
Labels
FrozenDueToAge NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made.

Comments

@gertcuykens
Copy link
Contributor

https://golang.org/src/crypto/tls/generate_cert.go
Can we have 3 more flags please for

Organization: []string{"Acme Co"},
"cert.pem"
"key.pem"

It will be more flexible for building scripts that can then use it directly instead of modifying a copy of that file.

@AlekSi
Copy link
Contributor

AlekSi commented Apr 29, 2018

What is your use case?
I think this file is intended to be used only for Go testing, not by Go users.

@gertcuykens
Copy link
Contributor Author

Can be made backward compatibel by using does entries above as default. My use case is to generate certificates for testing grpc services. Where organisation need to be localhost or a specific company name, and file names tls.key, tls.crt. I can copy this file and modify it but I think this go file can fill in plenty of test cases if does 3 fields have flags too.

@adamdecaf
Copy link
Contributor

This has been brought up before and I doubt the Go team is willing to support changes to make this a dependency for folks. It's easy enough to copy the code elsewhere. See: #19900 (comment)

@ALTree ALTree added the NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. label Apr 30, 2018
@gertcuykens
Copy link
Contributor Author

gertcuykens commented Apr 30, 2018

Still think it helps promote the use of tls more if you make it easier for a user to generate certificates without the need of copying or use of a third party repo. Also if for some reason a security bug is found in that code, which is highly unlikely I know, but it gives a fail safe for the users to get fixed immediately.

@FiloSottile
Copy link
Contributor

generate_cert.go is not meant to be a production or full-featured tool, which is why it's not a stand-alone binary. I do agree the ecosystem needs a better way to generate certificates and manage a local CA than openssl, but that will not come by just expanding generate_cert.go.

@golang golang locked and limited conversation to collaborators Apr 30, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
FrozenDueToAge NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made.
Projects
None yet
Development

No branches or pull requests

6 participants