wezterm
`wezterm cli tlscreds` generates a certificate that does not use FQDN
What Operating System(s) are you seeing this problem on?
Linux X11
Which Wayland compositor or X11 Window manager(s) are you using?
LeftWM
WezTerm version
wezterm 20240203-110809-5046fc22
Did you try the latest nightly build to see if the issue is better (or worse!) than your current version?
No, and I'll explain why below
Describe the bug
TLS certs are generated using hostname, but the FQDN does not get added as a SAN.
I wasn't able to test with a nightly build because the AUR package for nightly is currently broken (the terminfo file seems to have been upstreamed in ncurses, congrats :) but it's causing a file conflict). However, when I tested on macOS I couldn't reproduce this behaviour regardless of using the stable or nightly build.
My entry in `/etc/hosts` is definitely correct, `getent ahostsv4` looks good and `hostname -f` is returning the right thing
To Reproduce
wezterm -n cli tlscreds --pem | awk '/-----END PRIVATE KEY-----/{p=1;next}p' | openssl x509 -text
- The certificate SAN has the short name but not FQDN
Configuration
no config (was able to repro with `wezterm -n`)
Expected Behavior
TLS SAN should contain FQDN rather than short hostname (or potentially both?)
Logs
~» wezterm -n cli tlscreds --pem | awk '/-----END PRIVATE KEY-----/{p=1;next}p' | openssl x509 -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=rcgen self signed cert
Validity
Not Before: Jan 1 00:00:00 1975 GMT
Not After : Jan 1 00:00:00 4096 GMT
Subject: CN=rcgen self signed cert
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:ed:b0:ef:fe:88:7a:83:f9:43:37:a7:f0:3f:b7:
1c:90:98:30:a9:92:5f:ca:40:b3:33:43:52:82:83:
8b:0a:fd:d7:5e:4b:37:89:86:e9:76:b1:fb:6f:91:
76:53:1a:87:34:71:e7:7c:e2:49:b5:4d:83:e7:04:
5a:b6:4e:ca:96
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:desktop, DNS:localhost
X509v3 Subject Key Identifier:
CE:60:98:72:D0:24:7E:0B:04:10:1F:06:0B:86:99:C6:74:9A:E0:3A
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:1
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:45:02:20:2e:af:cc:d1:df:8d:b5:20:b1:aa:74:2c:c2:11:
22:c7:7e:6f:fe:2f:0b:fc:6e:d2:49:dd:95:6c:ec:4a:f1:d5:
02:21:00:9f:45:42:36:d1:33:0d:16:f7:cc:b2:f5:72:37:bb:
3d:04:2d:71:93:b4:da:50:d4:20:4f:90:bf:4a:92:12:4d
~»
Anything else?
No response
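The check in "To Reproduce" can be scripted. The following is an added example, not part of the original report or of wezterm: it reads `openssl x509 -text` output and reports whether a given name is covered by the DNS SAN entries (exact match, or a wildcard standing in for one left-most label, which goes beyond the case in the report). The function names and the FQDN `desktop.example.internal` are assumptions made for illustration.

```shell
#!/bin/sh
# Input for both functions: `openssl x509 -noout -text` output on stdin.

# Print each DNS SAN entry, lower-cased, one per line.
san_names() {
    awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p' |
        tr '[:upper:]' '[:lower:]'
}

# san_covers NAME: succeed if NAME matches a DNS SAN exactly, or matches a
# wildcard SAN that replaces exactly one left-most label.
san_covers() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    want=${want%.}                      # ignore a trailing root dot
    names=$(san_names)
    while IFS= read -r san; do
        if [ "$san" = "$want" ]; then return 0; fi
        case "$san" in
            '*.'*)
                parent=${san#\*.}
                if [ "${want#*.}" = "$parent" ] && [ "$want" != "$parent" ]; then
                    return 0
                fi ;;
        esac
    done <<EOF
$names
EOF
    return 1
}

# Constructed sample: the SAN section as it appears in the report's log.
SAMPLE='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:desktop, DNS:localhost
            X509v3 Subject Key Identifier:'

# desktop.example.internal is a hypothetical FQDN for the host "desktop".
for name in desktop localhost desktop.example.internal; do
    if printf '%s\n' "$SAMPLE" | san_covers "$name"; then
        echo "covered:     $name"
    else
        echo "NOT covered: $name"
    fi
done
```

On a live host, pipe the certificate text from the reproduction command into `san_covers "$(hostname -f)"`; a non-zero exit status means the FQDN is missing from the SAN.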