Client certificate in git seem buggy

[hazen]

Certificates generated via the Makefile in riak/tests/resources are fine, but the checked-in client.crt does not validate against ca.crt. server.crt is fine.

$ openssl verify -CAfile ca.crt client.crt
client.crt: /C=US/ST=Washington/O=Basho/OU=Riak Python Client/CN=certuser/[email protected]
error 20 at 0 depth lookup:unable to get local issuer certificate

[hazen]

Nice find, @macintux! I'll look at generating some new certs to see if that helps.

[hazen]

Hopefully this batch works better for you:

openssl verify -CAfile ca.crt client.crt
client.crt: OK
openssl verify -CAfile ca.crt server.crt
server.crt: OK

[hazen]

Looks like basho/riak_api#66 has already been merged in, so I'll need to get #370 fixed before this will successfully build.

[hazen]

Worked out that our certificates don't have the CRL location baked into them: https://github.com/basho/riak_api/blob/develop/src/riak_api_ssl.erl#L93. For now switch off checking, but next step will be to add a CRL to the certificate.

[seancribbs]

👍 e2b74b9

[hazen]

@borshop merge