Tls cert bugfix (#262)

* Bugfix for systems that cannot generate openssl certs. Includes self-signed certs that expire in 10 years. Removed automatic cert generation from install-deps.sh. Updated create-cert.sh to manually generate 10-year certs (or any custom duration).

* Docker config changes to support web demo TLS
montag 2017-05-01 10:40:54 -07:00 committed by Brandon Amos
parent 37ba2ac982
commit 47afcbf35a
7 changed files with 68 additions and 5 deletions


@ -8,13 +8,16 @@ RUN apt-get update && apt-get install -y \
curl \ curl \
git \ git \
graphicsmagick \ graphicsmagick \
libssl-dev \
libffi-dev \
python-dev \ python-dev \
python-pip \ python-pip \
python-numpy \ python-numpy \
python-nose \ python-nose \
python-scipy \ python-scipy \
python-pandas \ python-pandas \
python-protobuf\ python-protobuf \
python-openssl \
wget \ wget \
zip \ zip \
&& apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*


@ -1,10 +1,11 @@
# generate self-signed certs with no password for the web and socket servers # generate self-signed certs with no password for the web and socket servers
# this script requires that openssl is installed: e.g. sudo apt-get install openssl
mkdir tls mkdir tls
openssl genrsa -des3 -out tls/server.key 1024 openssl genrsa -des3 -out tls/server.key 1024
openssl req -new -key tls/server.key -out tls/server.csr openssl req -new -key tls/server.key -out tls/server.csr
cp tls/server.key tls/server.key.org cp tls/server.key tls/server.key.org
openssl rsa -in tls/server.key.org -out tls/server.key openssl rsa -in tls/server.key.org -out tls/server.key
openssl x509 -req -days 365 -in tls/server.csr -signkey tls/server.key -out tls/server.crt openssl x509 -req -days 3650 -in tls/server.csr -signkey tls/server.key -out tls/server.crt
echo 'converting to pem' echo 'converting to pem'
cat tls/server.crt tls/server.key > tls/server.pem cat tls/server.crt tls/server.key > tls/server.pem
echo 'cert complete' echo 'cert complete'
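Review bot: The key this script generates is still 1024-bit RSA (`openssl genrsa -des3 -out tls/server.key 1024`), and raising `-days` from 365 to 3650 means a key below the commonly accepted 2048-bit minimum now backs a certificate that stays valid for ten years; the size argument should be `2048` or larger. `mkdir tls` will also report an error wherever the directory already exists, which looks likely now that this commit adds files under `demos/web/tls/`, so `mkdir -p tls` is safer. The script leaves the passphrase-protected copy `tls/server.key.org` behind and never restricts permissions on the unprotected key, so a closing `chmod 600 tls/server.key tls/server.pem` would keep the key from being readable by other local users under a permissive umask.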


@ -7,11 +7,10 @@ sudo apt-get install -y libprotobuf-dev libleveldb-dev libsnappy-dev \
libopencv-dev libhdf5-serial-dev libboost-all-dev libgflags-dev \ libopencv-dev libhdf5-serial-dev libboost-all-dev libgflags-dev \
libgoogle-glog-dev liblmdb-dev protobuf-compiler libboost-all-dev \ libgoogle-glog-dev liblmdb-dev protobuf-compiler libboost-all-dev \
libatlas-dev libatlas-base-dev liblapack-dev libblas-dev \ libatlas-dev libatlas-base-dev liblapack-dev libblas-dev \
python-pip python-numpy python-imaging python-opencv \ libssl-dev libffi-dev python-pip python-numpy python-imaging \
python-openssl python-opencv \
git wget cmake gfortran git wget cmake gfortran
source ~/openface/demos/web/create-cert.sh
mkdir -p ~/src mkdir -p ~/src
cd ~/src cd ~/src
git clone https://github.com/bvlc/caffe.git git clone https://github.com/bvlc/caffe.git


@ -4,3 +4,7 @@ twisted == 15.2.1
scipy >= 0.13, < 0.17 scipy >= 0.13, < 0.17
scikit-learn >= 0.17, < 0.18 scikit-learn >= 0.17, < 0.18
protobuf >= 2.5, < 2.7 protobuf >= 2.5, < 2.7
appdirs >= 1.4.3
pyOpenSSL >= 17.0.0
cryptography >= 1.8.1
service-identity >= 16.0.0
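Review bot: The four added requirements carry only lower bounds (`pyOpenSSL >= 17.0.0`, `cryptography >= 1.8.1`, `service-identity >= 16.0.0`, `appdirs >= 1.4.3`), unlike the bounded ranges on the lines above them, so every install resolves to whatever release is newest at that moment. For the TLS stack this makes the image non-reproducible and can pull in a release that no longer supports the Python version the rest of the commit installs. Adding upper bounds in the style already used here (for example `pyOpenSSL >= 17.0.0, < 18`, a constructed bound to be checked against what was tested) or pinning through a constraints file would keep the build stable.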

13
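--- /dev/null
+++ b/demos/web/tls/server.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICATCCAWoCCQC0Yl1TUb3gjzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE3MDQzMDE2MDIxNFoXDTI3MDQyODE2MDIxNFowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApnSL
+fpgnKHKCNypUxedbBMik02B40zlK5jQUqAt8ityNYM4DxZV2pOwS4RLfgDrWfLKV
+kOiBL+2iJmNWtc8fcU/4MnhAUCgYXvl+o3yFu8EVOLU+FXhlqJRAJOpqESMVa+II
+haXDSuLLnSA0e/UrxhDmWEiTGAkteWPLyEP7G6kCAwEAATANBgkqhkiG9w0BAQsF
+AAOBgQAwYgs2CrrCoknDs2p2bS/sEBc/cAWxlB3VA0yQXTAxh+6rLOYLwoF+z92w
+IbUhUkZss1r0k7zZDBZ32ZEB6Hc0+q4r599UVV3gF/2Ongc6rvtzJtRAv5EZza0d
+l3aaZ0aPu09XuDqv9cb/g+i/L7RgQgoEiEpK60WoTm9FeJ4Fpw==
+-----END CERTIFICATE-----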

15
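--- /dev/null
+++ b/demos/web/tls/server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCmdIt+mCcocoI3KlTF51sEyKTTYHjTOUrmNBSoC3yK3I1gzgPF
+lXak7BLhEt+AOtZ8spWQ6IEv7aImY1a1zx9xT/gyeEBQKBhe+X6jfIW7wRU4tT4V
+eGWolEAk6moRIxVr4giFpcNK4sudIDR79SvGEOZYSJMYCS15Y8vIQ/sbqQIDAQAB
+AoGAAM7D9oNKfVnA4/+ilas/t9A5bIUlUPEQOfm6t+4GVq4nSXb2cbj98GLs3Ia4
+6uheLhC3xRI7vj3K8aC9xPgSUPpvdqEfef+SlfC7/lcHdtIfz1Fm2qtGdUERw2TC
+Iy1ttU58sDLK5dy1Igx9SeIPGMHCWemDw4CA0HVaplCIrPkCQQDRWl0HouUquzNd
+7i6kk2uNKvj0Hdft5tGNdSk9diJU2d5kLravwXKxq9cFkoZ5g8bgxjGrdnguNO4y
+bcv/fN0LAkEAy4tED+0Etg0PLIXuYpHUjy5SGYpykaNx+Rfktv2lF5Uf2aDnh6Pv
+DObQEYF1NAZVcT8BsLGKta9RGFL7UJOSmwJAS3fgu2T8abgMH1tCUy+VgNEx54Zu
+laM0fWLz1+UjISVc5w5z6s24k9XXcHnOojVf1x17QE03q6iHCYTNGi+f2wJAXgfk
+VYclmgTGcccdraO5ErxPaUUwUF+1k2GaY38h+ZcGs79Ftr/g+5DVpoCr6HDUoBB/
+c2VRs0VerWIIf9zs6QJAI0M7qCsyLw9z3wfMt8uZjGLokeSet9+LarJyRFkDVFow
+PBHMPvgU1+no5L+4A61cB9azn9zkIvchI2bSG0Ubgg==
+-----END RSA PRIVATE KEY-----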
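Review bot: The private key for the bundled certificate is committed here unencrypted, and again inside `demos/web/tls/server.pem`, so every clone and every image built from this tree holds the same key. A server started with these files therefore cannot authenticate itself, and its traffic is not confidential against anyone who has the repository. The key also appears to be 1024-bit RSA, paired with a certificate valid until 2027. If a bundled fallback is needed for machines that cannot run openssl, it should be documented as a localhost-only test credential, with the README saying that `create-cert.sh` must be run to replace it before the demo listens on a non-loopback interface. Generated output is better kept out of version control, for instance by listing `demos/web/tls/` in `.gitignore`.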

28
demos/web/tls/server.pem Normal file

@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIICATCCAWoCCQC0Yl1TUb3gjzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMB4XDTE3MDQzMDE2MDIxNFoXDTI3MDQyODE2MDIxNFowRTELMAkG
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApnSL
fpgnKHKCNypUxedbBMik02B40zlK5jQUqAt8ityNYM4DxZV2pOwS4RLfgDrWfLKV
kOiBL+2iJmNWtc8fcU/4MnhAUCgYXvl+o3yFu8EVOLU+FXhlqJRAJOpqESMVa+II
haXDSuLLnSA0e/UrxhDmWEiTGAkteWPLyEP7G6kCAwEAATANBgkqhkiG9w0BAQsF
AAOBgQAwYgs2CrrCoknDs2p2bS/sEBc/cAWxlB3VA0yQXTAxh+6rLOYLwoF+z92w
IbUhUkZss1r0k7zZDBZ32ZEB6Hc0+q4r599UVV3gF/2Ongc6rvtzJtRAv5EZza0d
l3aaZ0aPu09XuDqv9cb/g+i/L7RgQgoEiEpK60WoTm9FeJ4Fpw==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----