Set DNS names correctly

build/scripts/Complement.Dockerfile

@@ -20,7 +20,7 @@ EXPOSE 8008 8448
 
 # At runtime, generate TLS cert based on the CA now mounted at /ca
 # At runtime, replace the SERVER_NAME with what we are told
-CMD ./generate-keys --tls-cert server.crt --tls-key server.key --tls-authority-cert /ca/ca.crt --tls-authority-key /ca/ca.key && \
+CMD ./generate-keys --server $SERVER_NAME --tls-cert server.crt --tls-key server.key --tls-authority-cert /ca/ca.crt --tls-authority-key /ca/ca.key && \
  sed -i "s/server_name: localhost/server_name: ${SERVER_NAME}/g" dendrite.yaml && \
  cp /ca/ca.crt /usr/local/share/ca-certificates/ && update-ca-certificates && \
  ./dendrite-monolith-server --tls-cert server.crt --tls-key server.key --config dendrite.yaml

cmd/generate-keys/main.go

@@ -35,8 +35,9 @@ var (
 	tlsCertFile       = flag.String("tls-cert", "", "An X509 certificate file to generate for use for TLS")
 	tlsKeyFile        = flag.String("tls-key", "", "An RSA private key file to generate for use for TLS")
 	privateKeyFile    = flag.String("private-key", "", "An Ed25519 private key to generate for use for object signing")
-	authorityCertFile = flag.String("tls-authority-cert", "", "Optional: Create TLS certificate/keys based on this CA authority. Useful for testing.")
+	authorityCertFile = flag.String("tls-authority-cert", "", "Optional: Create TLS certificate/keys based on this CA authority. Useful for integration testing.")
-	authorityKeyFile  = flag.String("tls-authority-key", "", "Optional: Create TLS certificate/keys based on this CA authority. Useful for testing.")
+	authorityKeyFile  = flag.String("tls-authority-key", "", "Optional: Create TLS certificate/keys based on this CA authority. Useful for integration testing.")
+	serverName        = flag.String("server", "", "Optional: Create TLS certificate/keys with this domain name set. Useful for integration testing.")
 )
 
 func main() {
@@ -62,7 +63,7 @@ func main() {
 			}
 		} else {
 			// generate the TLS cert/key based on the authority given.
-			if err := test.NewTLSKeyWithAuthority(*authorityKeyFile, *authorityCertFile, *tlsKeyFile, *tlsCertFile); err != nil {
+			if err := test.NewTLSKeyWithAuthority(*serverName, *tlsKeyFile, *tlsCertFile, *authorityKeyFile, *authorityCertFile); err != nil {
 				panic(err)
 			}
 		}

internal/test/config.go

@@ -159,7 +159,7 @@ func NewMatrixKey(matrixKeyPath string) (err error) {
 
 const certificateDuration = time.Hour * 24 * 365 * 10
 
-func generateTLSTemplate() (*rsa.PrivateKey, *x509.Certificate, error) {
+func generateTLSTemplate(dnsNames []string) (*rsa.PrivateKey, *x509.Certificate, error) {
 	priv, err := rsa.GenerateKey(rand.Reader, 4096)
 	if err != nil {
 		return nil, nil, err
@@ -180,6 +180,7 @@ func generateTLSTemplate() (*rsa.PrivateKey, *x509.Certificate, error) {
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
+		DNSNames:              dnsNames,
 	}
 	return priv, &template, nil
 }
@@ -208,7 +209,7 @@ func writePrivateKey(tlsKeyPath string, priv *rsa.PrivateKey) error {
 
 // NewTLSKey generates a new RSA TLS key and certificate and writes it to a file.
 func NewTLSKey(tlsKeyPath, tlsCertPath string) error {
-	priv, template, err := generateTLSTemplate()
+	priv, template, err := generateTLSTemplate(nil)
 	if err != nil {
 		return err
 	}
@@ -225,8 +226,8 @@ func NewTLSKey(tlsKeyPath, tlsCertPath string) error {
 	return writePrivateKey(tlsKeyPath, priv)
 }
 
-func NewTLSKeyWithAuthority(tlsKeyPath, tlsCertPath, authorityKeyPath, authorityCertPath string) error {
+func NewTLSKeyWithAuthority(serverName, tlsKeyPath, tlsCertPath, authorityKeyPath, authorityCertPath string) error {
-	priv, template, err := generateTLSTemplate()
+	priv, template, err := generateTLSTemplate([]string{serverName})
 	if err != nil {
 		return err
 	}