Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use new sslv3 certificates #265

Merged
merged 1 commit into from
May 2, 2018
Merged

Use new sslv3 certificates #265

merged 1 commit into from
May 2, 2018

Conversation

mikaelarguedas
Copy link
Member

@mikaelarguedas mikaelarguedas commented May 1, 2018
edited
Loading

sslv3 certificates with CA:false extension

WIP: testing ros2/sros2#47

Bionic : Linux Build Status

CI on all packages / all platforms:

  • Linux Build Status
  • Linux-aarch64 Build Status
  • macOS Build Status
  • Windows Build Status

connects to ros2/sros2#46

@mikaelarguedas mikaelarguedas added the in progress Actively being worked on (Kanban column) label May 1, 2018
@mikaelarguedas mikaelarguedas changed the title Use new sslv3 certificates [WIP] Use new sslv3 certificates May 1, 2018
@mikaelarguedas mikaelarguedas mentioned this pull request May 1, 2018
Closed
31 tasks
@mikaelarguedas
Copy link
Member Author

Confirmed that this + ros2/sros2#47 fixed secure communication on Bionic for Fast-RTPS. https://ci.ros2.org/job/ci_linux/4318/testReport/test_security.build.test_security/test_secure_publisher_subscriber__Empty__rmw_fastrtps_cpp__secure_comm_0_/test_secure_publisher_subscriber/

Remaining test failures are due to ros2/rclcpp#464

This was referenced May 1, 2018
Closed
Merged
@mikaelarguedas mikaelarguedas self-assigned this May 1, 2018
@mikaelarguedas mikaelarguedas changed the title [WIP] Use new sslv3 certificates Use new sslv3 certificates May 1, 2018
@mikaelarguedas
Copy link
Member Author

This PR update the security artifacts used for testing. They have been generated with the changes from ros2/sros2#47

Relevant changes are:

  • Use of Version: 3 in the certificates
  • addition of the following extension in the node certificates:
X509v3 extensions:
  X509v3 Basic Constraints: 
    CA:FALSE
  • addition of the extension in the generated configuration file ca_conf.cnf

@mikaelarguedas mikaelarguedas added in review Waiting for review (Kanban column) and removed in progress Actively being worked on (Kanban column) labels May 1, 2018
mjcarroll
mjcarroll reviewed May 2, 2018
View reviewed changes
Copy link
Member

@mjcarroll mjcarroll left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there somewhere that describes how to generate these certificates?

@mikaelarguedas
Copy link
Member Author

Is there somewhere that describes how to generate these certificates?

Certificates are generating by using the ros2 security CLI. An introduction of how to use it is available at https://github.com/ros2/sros2/blob/master/README.md.

The artifacts used here for testing are slightly modified by hand as they several of them need to be invalid one way or another.
The permissions files are also slightly different as we allow them to span a wide domain ID range while the ones generated by the tool will be targeting only the host machine's domain ID and reject any other.

@mikaelarguedas mikaelarguedas merged commit 634cc7b into master May 2, 2018
@mikaelarguedas mikaelarguedas deleted the sslv3_ext branch May 2, 2018 22:25
@mikaelarguedas mikaelarguedas removed the in review Waiting for review (Kanban column) label May 2, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mjcarroll mjcarroll mjcarroll approved these changes

Assignees

@mikaelarguedas mikaelarguedas

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mikaelarguedas @mjcarroll