Commit b5332f2

Add extendedKeyUsage = serverAuth to dind generated server cert
Matches upstream documentation recommendations on https://docs.docker.com/engine/security/protect-access/#use-tls-https-to-protect-the-docker-daemon-socket
1 parent 3dba505 commit b5332f2

2 files changed

+2
-0
lines changed

28/dind/dockerd-entrypoint.sh

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default.

dockerd-entrypoint.sh

Lines changed: 1 addition & 0 deletions
@@ -53,6 +53,7 @@ _tls_generate_certs() {
5353
-subj '/CN=docker:dind server'
5454
cat > "$dir/server/openssl.cnf" <<-EOF
5555
[ x509_exts ]
56+
extendedKeyUsage = serverAuth
5657
subjectAltName = $(_tls_san)
5758
EOF
5859
openssl x509 -req \
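Review bot: nothing visible in this hunk shows that the new `extendedKeyUsage = serverAuth` line in the `[ x509_exts ]` heredoc actually reaches the signed certificate, because the `openssl x509 -req \` call that follows is cut off before its arguments. Please confirm that call loads `$dir/server/openssl.cnf` with `-extfile` and selects the section with `-extensions x509_exts`, and consider a build-time check that `openssl x509 -noout -text` on the generated server certificate lists "TLS Web Server Authentication". Two related points to verify outside this hunk: the client certificate should carry the matching `extendedKeyUsage = clientAuth` that the Docker documentation cited in the commit message pairs with this setting, and the generated `28/dind/dockerd-entrypoint.sh` copy, whose diff is not rendered here, should contain the identical one-line addition. A short comment above the line pointing at that documentation would also help the next reader see why the usage is restricted.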
