Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unit tests fail with go1.15 due to X.509 CommonName deprecation #324

Closed
dmitris opened this issue Aug 14, 2020 · 0 comments · Fixed by #325
Closed

unit tests fail with go1.15 due to X.509 CommonName deprecation #324

dmitris opened this issue Aug 14, 2020 · 0 comments · Fixed by #325

Comments

@dmitris
Copy link
Contributor

dmitris commented Aug 14, 2020
edited
Loading

go test ./... in the repo root works OK with go1.14.7 but fails with go1.15. It also works fine when run as GODEBUG=x509ignoreCN=0 go test ./... which indicates that the failure is related to the X.509 CommonName deprecation in 1.15 [1].

The CommonName-related errors are better visible if you comment out the blocking option in
https://github.com/grpc-ecosystem/go-grpc-middleware/blob/master/testing/interceptor_suite.go#L105 - changing that line to:
newDialOpts := dialOpts and running go test ./... produces multiple errors like

--- FAIL: TestAuthTestSuite (0.02s)
    --- FAIL: TestAuthTestSuite/TestStream_BadAuth (0.00s)
        auth_test.go:127:
                Error Trace:    auth_test.go:127
                Error:          Received unexpected error:
                                rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0"
                Test:           TestAuthTestSuite/TestStream_BadAuth
                Messages:       should not fail on establishing the stream

Full dump:
grpc-middleware.txt

We also have failures in the packages that depend on github.com/grpc-ecosystem/go-grpc-middleware with go1.15 that go away when building with go1.14.7 or using GODEBUG=x509ignoreCN=0 go test -v ./....

[1] https://golang.org/doc/go1.15#commonname
dmitris added a commit to dmitris/go-grpc-middleware that referenced this issue Aug 14, 2020
@dmitris
generate TLS test certs with SAN for go1.15
7166ec0 
Fixes grpc-ecosystem#324. The certificates need to have SAN fields
instead of relying on the CommonName due to
X.509 CommonName deprecation in go1.15.

Reference: https://golang.org/doc/go1.15#commonname
@dmitris dmitris mentioned this issue Aug 14, 2020
Merged
dmitris added a commit to dmitris/go-grpc-middleware that referenced this issue Aug 14, 2020
@dmitris
generate TLS test certs with SAN for go1.15
bc2c4d0 
Fixes grpc-ecosystem#324. The certificates need to have SAN fields
instead of relying on the CommonName due to
X.509 CommonName deprecation in go1.15.

Reference: https://golang.org/doc/go1.15#commonname
dmitris added a commit to dmitris/go-grpc-middleware that referenced this issue Sep 7, 2020
@dmitris
generate TLS test certs with SAN for go1.15
ab3c185 
Fixes grpc-ecosystem#324. The certificates need to have SAN fields
instead of relying on the CommonName due to
X.509 CommonName deprecation in go1.15.

Reference: https://golang.org/doc/go1.15#commonname
dmitris added a commit to dmitris/go-grpc-middleware that referenced this issue Sep 8, 2020
@dmitris
generate TLS test certs with SAN for go1.15
c57e7d7 
Fixes grpc-ecosystem#324. The certificates need to have SAN fields
instead of relying on the CommonName due to
X.509 CommonName deprecation in go1.15.
The certificate is generated on the fly and cached in
github.com/grpc-ecosystem/go-grpc-middleware/testing/testcert
utility package.

Reference: https://golang.org/doc/go1.15#commonname
dmitris added a commit to dmitris/go-grpc-middleware that referenced this issue Sep 8, 2020
@dmitris
generate TLS test certs with SAN for go1.15
65bb6d9 
Fixes grpc-ecosystem#324. The certificates need to have SAN fields
instead of relying on the CommonName due to
X.509 CommonName deprecation in go1.15.
The certificate is generated on the fly and cached in
github.com/grpc-ecosystem/go-grpc-middleware/testing/testcert
utility package.

Reference: https://golang.org/doc/go1.15#commonname
johanbrandhorst pushed a commit that referenced this issue Sep 8, 2020
@dmitris
generate TLS test certs with SAN for go1.15 (#325)
a0dd2b9 
* generate TLS test certs with SAN for go1.15

Fixes #324. The certificates need to have SAN fields
instead of relying on the CommonName due to
X.509 CommonName deprecation in go1.15.
The certificate is generated on the fly and cached in
github.com/grpc-ecosystem/go-grpc-middleware/testing/testcert
utility package.

Reference: https://golang.org/doc/go1.15#commonname

* move test cert generation to interceptor_suite.go
This was referenced Sep 8, 2020
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

generate TLS test certs with SAN for go1.15 dmitris/go-grpc-middleware
1 participant
@dmitris