
[feat]: add localhost to system certs

Open chrisguida opened this issue 3 years ago • 4 comments

This is to fix lncli in the js properties version of LND: https://github.com/Start9Labs/lnd-wrapper/pull/68#issue-1304131298

chrisguida avatar Jul 14 '22 20:07 chrisguida

I guarantee this is not necessary

dr-bonez avatar Jul 28 '22 18:07 dr-bonez

Why not?

chrisguida avatar Jul 28 '22 18:07 chrisguida

You can use the .embassy. It works just fine. The other error you were experiencing with .embassy was downstream of the cert error.

dr-bonez avatar Jul 28 '22 20:07 dr-bonez

I'm not following.

We need users to be able to run lncli getinfo without errors. How do you propose that we do this without adding localhost to the cert?

```
~/.lnd # lncli getinfo
[lncli] rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for xxyoh5bbri6y572mc3frogaun6cy5txdpyq7xetikbn3vuteukncb2yd.local, *.xxyoh5bbri6y572mc3frogaun6cy5txdpyq7xetikbn3vuteukncb2yd.local, xxyoh5bbri6y572mc3frogaun6cy5txdpyq7xetikbn3vuteukncb2yd.onion, *.xxyoh5bbri6y572mc3frogaun6cy5txdpyq7xetikbn3vuteukncb2yd.onion, lnd.embassy, *.lnd.embassy, not localhost"
~/.lnd # lncli --rpcserver lnd.embassy getinfo
[lncli] rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority"
```

I'd prefer for users not to have to add an extra parameter to lncli in order to get it to run, but I'll accept that over nothing.

At least one of these two things needs to work.

chrisguida avatar Jul 28 '22 21:07 chrisguida

Figure out how to trust system cert, as whole chain is available in system mountpoint

elvece avatar Dec 14 '22 22:12 elvece
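
Added example, not part of the thread and not code from start-os or lnd: the two `lncli` failures quoted above are distinct Go `crypto/x509` verification errors, and this sketch reproduces both, plus the passing case once the signing CA is in the client's trust pool. The CA and leaf are constructed in memory, the leaf carries only the `lnd.embassy` SANs from the error message, and `issue` and `check` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue creates a certificate signed by parent; a nil parent yields a self-signed CA.
func issue(cn string, sans []string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		DNSNames: sans, IsCA: parent == nil, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// check verifies a constructed leaf (SANs taken from the thread) for the given host.
func check(host string, trustCA bool) string {
	ca, caKey := issue("constructed CA", nil, nil, nil)
	leaf, _ := issue("constructed leaf", []string{"lnd.embassy", "*.lnd.embassy"}, ca, caKey)
	roots := x509.NewCertPool() // stands in for the client's trust store; empty by default
	if trustCA {
		roots.AddCert(ca)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	switch err.(type) {
	case nil: return "ok"
	case x509.HostnameError: return "hostname mismatch" // name not in the SAN list
	case x509.UnknownAuthorityError: return "unknown authority" // no chain to a trusted root
	}
	return "other: " + err.Error()
}

func main() { println(check("localhost", true), check("lnd.embassy", false), check("lnd.embassy", true)) }
```
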