From d65c2451c4c8ed97d9a309a2659c8464e48f18b6 Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Thu, 10 Oct 2013 23:15:48 -0700 Subject: [PATCH 1/3] Update README.md --- README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/README.md b/README.md index 7ce98b95c..855c76ff3 100644 --- a/README.md +++ b/README.md @@ -521,6 +521,26 @@ Odd numbers are good because if you have 8 machines the majority will be 5 and i The result is that an 8 machine cluster can tolerate 3 machine failures and a 9 machine cluster can tolerate 4 nodes failures. And in the best case when all 9 machines are responding the cluster will perform at the speed of the fastest 5 nodes. +### Why SSLv3 alert handshake failure when using SSL client auth? +The `TLS` pacakge of `golang` checkes the key usage of certificate public key before using it. To use the certificate public key to do client auth, we need to add `clientAuth` to `Extended Key Usage` when creates the certificate public key. + +Here is how to do it: + +Add the following section to my openssl.cnf: + +``` +[ ssl_client ] +... + extendedKeyUsage = clientAuth +... +``` + +When create the cert be sure to reference it in the -extensions flag: + +``` +openssl ca -config openssl.cnf -policy policy_anything -extensions ssl_client -out certs/node.crt -infiles node.csr +``` + ## Project Details ### Versioning From 188a903e973978b9685c4adbc5ca9d67f74a4914 Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Thu, 10 Oct 2013 23:43:47 -0700 Subject: [PATCH 2/3] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 855c76ff3..d5a3a7385 100644 --- a/README.md +++ b/README.md @@ -526,7 +526,7 @@ The `TLS` pacakge of `golang` checkes the key usage of certificate public key be Here is how to do it: -Add the following section to my openssl.cnf: +Add the following section to your openssl.cnf: ``` [ ssl_client ] 
@@ -535,7 +535,7 @@ Add the following section to my openssl.cnf: ... ``` -When create the cert be sure to reference it in the -extensions flag: +When creating the cert be sure to reference it in the -extensions flag: ``` openssl ca -config openssl.cnf -policy policy_anything -extensions ssl_client -out certs/node.crt -infiles node.csr From beac6d85892ddbc70c39eddd72453c87f18f08fd Mon Sep 17 00:00:00 2001 From: Xiang Li Date: Thu, 10 Oct 2013 23:44:59 -0700 Subject: [PATCH 3/3] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d5a3a7385..289803791 100644 --- a/README.md +++ b/README.md @@ -522,7 +522,7 @@ The result is that an 8 machine cluster can tolerate 3 machine failures and a 9 And in the best case when all 9 machines are responding the cluster will perform at the speed of the fastest 5 nodes. ### Why SSLv3 alert handshake failure when using SSL client auth? -The `TLS` pacakge of `golang` checkes the key usage of certificate public key before using it. To use the certificate public key to do client auth, we need to add `clientAuth` to `Extended Key Usage` when creates the certificate public key. +The `TLS` pacakge of `golang` checks the key usage of certificate public key before using it. To use the certificate public key to do client auth, we need to add `clientAuth` to `Extended Key Usage` when creating the certificate public key. Here is how to do it:
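Review bot: In PATCH 1/3, the added FAQ paragraph attributes the check to "the key usage of certificate public key", but the setting it then asks for is the certificate's `Extended Key Usage` extension. Key usage and extended key usage are separate X.509 extensions, and both are properties of the certificate rather than of the public key, so the paragraph should name `Extended Key Usage` consistently and say it is set when the certificate is signed. The `openssl ca` line also passes `-policy policy_anything` without saying where that policy section is defined or what it accepts; a sentence on that would help. So would a verification step, for example `openssl x509 -in certs/node.crt -noout -text`, so the reader can confirm client authentication is listed before retrying the handshake.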
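Review bot: In PATCH 2/3, second hunk, the reworded line "When creating the cert be sure to reference it in the -extensions flag" leaves "it" without a clear antecedent, since the nearest noun is the cert and the section name appears only inside the fenced block above. Suggest "When creating the cert, be sure to reference the `ssl_client` section with the `-extensions` flag", putting the flag in backticks like the other identifiers in this FAQ entry.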
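Review bot: In PATCH 3/3, the replacement line fixes `checkes` and `when creates` but still carries the misspelling `pacakge`; correct it to `package` in this same line so the paragraph does not need a fourth pass. All three patches touch the same added section under the identical subject "Update README.md", so squashing them into one commit with a subject that names the change (the client auth FAQ entry) would keep the history readable.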