From deea55b8b3ead3453c02de580cbba238b60274e8 Mon Sep 17 00:00:00 2001 From: JeremyRand Date: Thu, 9 Nov 2017 00:43:39 +0000 Subject: [PATCH 1/6] generate_nmc_cert: rebase against Go 1.8.3 standard library. --- generate_nmc_cert/main.go | 92 +++++++++++++++++++++++++++++---------- 1 file changed, 68 insertions(+), 24 deletions(-) diff --git a/generate_nmc_cert/main.go b/generate_nmc_cert/main.go index 3db2284..b6e7ec8 100644 --- a/generate_nmc_cert/main.go +++ b/generate_nmc_cert/main.go @@ -1,13 +1,19 @@ -// Copyright 2009 The Go Authors, 2015-2016 Jeremy Rand. All rights reserved. +// Copyright 2009 The Go Authors. All rights reserved. +// Dehydrated certificate modifications Copyright 2015-2017 Jeremy Rand. All +// rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. + // Generate a self-signed X.509 certificate for a TLS server. Outputs to // 'cert.pem' and 'key.pem' and will overwrite existing files. // This code has been modified from the stock Go code to generate // "dehydrated certificates", suitable for inclusion in a Namecoin name. +// Last rebased against Go 1.8.3. +// Future rebases need to rebase both the main flow and the falseHost flow. + package main import ( @@ -26,14 +32,18 @@ import ( "github.com/namecoin/ncdns/x509" "log" "math/big" + //"net" "os" + //"strings" "time" ) var ( host = flag.String("host", "", "Hostname to generate a certificate for (only use one)") validFrom = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011") - validTo = flag.String("end-date", "", "End date formatted as Jan 1 15:04:05 2011") + validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for") + //isCA = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority") + //rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set") ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521") falseHost = flag.String("false-host", "", "(Optional) Generate a false cert for this host; used to test x.509 implementations for safety regarding handling of the CA flag and KeyUsage") ) @@ -71,19 +81,13 @@ func main() { if len(*host) == 0 { log.Fatalf("Missing required --host parameter") } - if len(*validFrom) == 0 { - log.Fatalf("Missing required --start-date parameter") - } - if len(*validTo) == 0 { - log.Fatalf("Missing required --end-date parameter") - } - if len(*ecdsaCurve) == 0 { - log.Fatalf("Missing required --ecdsa-curve parameter") - } var priv interface{} var err error switch *ecdsaCurve { + case "": + //priv, err = rsa.GenerateKey(rand.Reader, *rsaBits) + log.Fatalf("Missing required --ecdsa-curve parameter") case "P224": priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) case "P256": @@ -101,24 +105,25 @@ func main() { } var notBefore time.Time - notBefore, err = time.Parse("Jan 2 15:04:05 2006", *validFrom) - if err != nil { - fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err) - os.Exit(1) + if len(*validFrom) == 0 { + notBefore = time.Now() + } else { + notBefore, err = time.Parse("Jan 2 15:04:05 2006", *validFrom) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err) + os.Exit(1) + } } - var notAfter time.Time - notAfter, err = time.Parse("Jan 2 15:04:05 2006", *validTo) - if err != nil { - fmt.Fprintf(os.Stderr, "Failed to parse expiry date: %s\n", err) - os.Exit(1) - } + notAfter := notBefore.Add(*validFor) timestampPrecision := int64(5 * 60) notBeforeFloored := time.Unix((notBefore.Unix()/timestampPrecision)*timestampPrecision, 0) notAfterFloored := time.Unix((notAfter.Unix()/timestampPrecision)*timestampPrecision, 0) + //serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) + //serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) // Serial components pubkeyBytes, err := x509.MarshalPKIXPublicKey(publicKey(priv)) if err != nil { @@ -137,27 +142,46 @@ func main() { serialNumber := big.NewInt(1) serialNumberBytes, err := serialDehydrated.SerialNumber(*host) if err != nil { - log.Fatalf("Error calculating serial number: %s", err) + log.Fatalf("failed to generate serial number: %s", err) } serialNumber.SetBytes(serialNumberBytes) template := x509.Certificate{ SerialNumber: serialNumber, Subject: pkix.Name{ + //Organization: []string{"Acme Co"}, CommonName: *host, SerialNumber: "Namecoin TLS Certificate", }, + //NotBefore: notBefore, NotBefore: notBeforeFloored, + //NotAfter: notAfter, NotAfter: notAfterFloored, - // x509.KeyUsageKeyEncipherment is used for RSA key exchange, but not DHE/ECDHE key exchange. Since everyone should be using ECDHE (due to forward secrecy), we disallow x509.KeyUsageKeyEncipherment in our template. + // x509.KeyUsageKeyEncipherment is used for RSA key exchange, + // but not DHE/ECDHE key exchange. Since everyone should be + // using ECDHE (due to forward secrecy), we disallow + // x509.KeyUsageKeyEncipherment in our template. //KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, } + //hosts := strings.Split(*host, ",") + //for _, h := range hosts { + // if ip := net.ParseIP(h); ip != nil { + // template.IPAddresses = append(template.IPAddresses, ip) + // } else { + // template.DNSNames = append(template.DNSNames, h) template.DNSNames = append(template.DNSNames, *host) + // } + //} + + //if *isCA { + // template.IsCA = true + // template.KeyUsage |= x509.KeyUsageCertSign + //} derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv) if err != nil { @@ -213,6 +237,9 @@ func main() { var falsePriv interface{} switch *ecdsaCurve { + case "": + //falsePriv, err = rsa.GenerateKey(rand.Reader, *rsaBits) + log.Fatalf("Missing required --ecdsa-curve parameter") case "P224": falsePriv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) case "P256": @@ -234,20 +261,37 @@ func main() { falseTemplate := x509.Certificate{ SerialNumber: falseSerialNumber, Subject: pkix.Name{ + //Organization: []string{"Acme Co"}, CommonName: *falseHost, SerialNumber: "Namecoin TLS Certificate", }, NotBefore: notBefore, NotAfter: notAfter, - // x509.KeyUsageKeyEncipherment is used for RSA key exchange, but not DHE/ECDHE key exchange. Since everyone should be using ECDHE (due to forward secrecy), we disallow x509.KeyUsageKeyEncipherment in our template. + // x509.KeyUsageKeyEncipherment is used for RSA key exchange, + // but not DHE/ECDHE key exchange. Since everyone should be + // using ECDHE (due to forward secrecy), we disallow + // x509.KeyUsageKeyEncipherment in our template. //KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, } + //falseHosts := strings.Split(*falseHost, ",") + //for _, h := range falseHosts { + // if ip := net.ParseIP(h); ip != nil { + // falseTemplate.IPAddresses = append(falseTemplate.IPAddresses, ip) + // } else { + // falseTemplate.DNSNames = append(falseTemplate.DNSNames, h) falseTemplate.DNSNames = append(falseTemplate.DNSNames, *falseHost) + // } + //} + + //if *isCA { + // falseTemplate.IsCA = true + // falseTemplate.KeyUsage |= x509.KeyUsageCertSign + //} falseDerBytes, err := x509.CreateCertificate(rand.Reader, &falseTemplate, &template, publicKey(falsePriv), priv) if err != nil { From 7263b7ae04ac74f12522c42f26cc82c043354273 Mon Sep 17 00:00:00 2001 From: JeremyRand Date: Thu, 9 Nov 2017 02:47:17 +0000 Subject: [PATCH 2/6] generate_nmc_cert: split falsehost into its own file, which makes auditing merges from upstream Go stdlib substantially easier. --- generate_nmc_cert/falsehost.go | 189 +++++++++++++++++++++++++++++++++ generate_nmc_cert/main.go | 82 +------------- 2 files changed, 191 insertions(+), 80 deletions(-) create mode 100644 generate_nmc_cert/falsehost.go diff --git a/generate_nmc_cert/falsehost.go b/generate_nmc_cert/falsehost.go new file mode 100644 index 0000000..7042e72 --- /dev/null +++ b/generate_nmc_cert/falsehost.go @@ -0,0 +1,189 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Dehydrated certificate modifications Copyright 2015-2017 Jeremy Rand. All +// rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + + +// Generate a self-signed X.509 certificate for a TLS server. Outputs to +// 'cert.pem' and 'key.pem' and will overwrite existing files. + +// This code has been modified from the stock Go code to generate +// "dehydrated certificates", suitable for inclusion in a Namecoin name. + +// Last rebased against Go 1.8.3. +// Future rebases need to rebase both the main flow and the falseHost flow. + +package main + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + //"crypto/rsa" + //"crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + //"flag" + "fmt" + "github.com/namecoin/ncdns/x509" + "log" + "math/big" + //"net" + "os" + //"strings" + "time" +) + +//var ( +// host = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for") +// validFrom = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011") +// validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for") +// isCA = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority") +// rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set") +// ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521") +//) + +//func publicKey(priv interface{}) interface{} { +// switch k := priv.(type) { +// case *rsa.PrivateKey: +// return &k.PublicKey +// case *ecdsa.PrivateKey: +// return &k.PublicKey +// default: +// return nil +// } +//} + +//func pemBlockForKey(priv interface{}) *pem.Block { +// switch k := priv.(type) { +// case *rsa.PrivateKey: +// return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)} +// case *ecdsa.PrivateKey: +// b, err := x509.MarshalECPrivateKey(k) +// if err != nil { +// fmt.Fprintf(os.Stderr, "Unable to marshal ECDSA private key: %v", err) +// os.Exit(2) +// } +// return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b} +// default: +// return nil +// } +//} + +//func main() { +func doFalseHost(parentTemplate x509.Certificate, parentPriv interface{}) { +// flag.Parse() + +// if len(*host) == 0 { +// log.Fatalf("Missing required --host parameter") +// } + + var priv interface{} + var err error + switch *ecdsaCurve { + case "": + //priv, err = rsa.GenerateKey(rand.Reader, *rsaBits) + log.Fatalf("Missing required --ecdsa-curve parameter") + case "P224": + priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + case "P256": + priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + case "P384": + priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + case "P521": + priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader) + default: + fmt.Fprintf(os.Stderr, "Unrecognized elliptic curve: %q", *ecdsaCurve) + os.Exit(1) + } + if err != nil { + //log.Fatalf("failed to generate private key: %s", err) + log.Fatalf("failed to generate false private key: %s", err) + } + + var notBefore time.Time + if len(*validFrom) == 0 { + notBefore = time.Now() + } else { + notBefore, err = time.Parse("Jan 2 15:04:05 2006", *validFrom) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err) + os.Exit(1) + } + } + + notAfter := notBefore.Add(*validFor) + + //serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) + //serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) + //if err != nil { + // log.Fatalf("failed to generate serial number: %s", err) + //} + serialNumber := big.NewInt(2) + + template := x509.Certificate{ + SerialNumber: serialNumber, + Subject: pkix.Name{ + //Organization: []string{"Acme Co"}, + CommonName: *falseHost, + SerialNumber: "Namecoin TLS Certificate", + }, + NotBefore: notBefore, + NotAfter: notAfter, + + // x509.KeyUsageKeyEncipherment is used for RSA key exchange, + // but not DHE/ECDHE key exchange. Since everyone should be + // using ECDHE (due to forward secrecy), we disallow + // x509.KeyUsageKeyEncipherment in our template. + //KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + KeyUsage: x509.KeyUsageDigitalSignature, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + BasicConstraintsValid: true, + } + + //hosts := strings.Split(*host, ",") + //for _, h := range hosts { + // if ip := net.ParseIP(h); ip != nil { + // template.IPAddresses = append(template.IPAddresses, ip) + // } else { + // template.DNSNames = append(template.DNSNames, h) + template.DNSNames = append(template.DNSNames, *falseHost) + // } + //} + + //if *isCA { + // template.IsCA = true + // template.KeyUsage |= x509.KeyUsageCertSign + //} + + //derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv) + derBytes, err := x509.CreateCertificate(rand.Reader, &template, &parentTemplate, publicKey(priv), parentPriv) + if err != nil { + //log.Fatalf("Failed to create certificate: %s", err) + log.Fatalf("Failed to create false certificate: %s", err) + } + + //certOut, err := os.Create("cert.pem") + certOut, err := os.Create("falseCert.pem") + if err != nil { + //log.Fatalf("failed to open cert.pem for writing: %s", err) + log.Fatalf("failed to open falseCert.pem for writing: %s", err) + } + pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) + certOut.Close() + //log.Print("written cert.pem\n") + log.Print("written falseCert.pem\n") + + //keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) + keyOut, err := os.OpenFile("falseKey.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) + if err != nil { + //log.Print("failed to open key.pem for writing:", err) + log.Print("failed to open falseKey.pem for writing:", err) + return + } + pem.Encode(keyOut, pemBlockForKey(priv)) + keyOut.Close() + //log.Print("written key.pem\n") + log.Print("written falseKey.pem\n") +} diff --git a/generate_nmc_cert/main.go b/generate_nmc_cert/main.go index b6e7ec8..672a51d 100644 --- a/generate_nmc_cert/main.go +++ b/generate_nmc_cert/main.go @@ -39,6 +39,7 @@ import ( ) var ( + //host = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for") host = flag.String("host", "", "Hostname to generate a certificate for (only use one)") validFrom = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011") validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for") @@ -234,85 +235,6 @@ func main() { log.Print("SUCCESS: The cert rehydrated to an identical form. Place the generated files in your HTTPS server, and place the above JSON in the \"tls\" field for your Namecoin name.") if len(*falseHost) > 0 { - var falsePriv interface{} - - switch *ecdsaCurve { - case "": - //falsePriv, err = rsa.GenerateKey(rand.Reader, *rsaBits) - log.Fatalf("Missing required --ecdsa-curve parameter") - case "P224": - falsePriv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) - case "P256": - falsePriv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - case "P384": - falsePriv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) - case "P521": - falsePriv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader) - default: - fmt.Fprintf(os.Stderr, "Unrecognized elliptic curve: %q", *ecdsaCurve) - os.Exit(1) - } - if err != nil { - log.Fatalf("failed to generate false private key: %s", err) - } - - falseSerialNumber := big.NewInt(2) - - falseTemplate := x509.Certificate{ - SerialNumber: falseSerialNumber, - Subject: pkix.Name{ - //Organization: []string{"Acme Co"}, - CommonName: *falseHost, - SerialNumber: "Namecoin TLS Certificate", - }, - NotBefore: notBefore, - NotAfter: notAfter, - - // x509.KeyUsageKeyEncipherment is used for RSA key exchange, - // but not DHE/ECDHE key exchange. Since everyone should be - // using ECDHE (due to forward secrecy), we disallow - // x509.KeyUsageKeyEncipherment in our template. - //KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, - KeyUsage: x509.KeyUsageDigitalSignature, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, - BasicConstraintsValid: true, - } - - //falseHosts := strings.Split(*falseHost, ",") - //for _, h := range falseHosts { - // if ip := net.ParseIP(h); ip != nil { - // falseTemplate.IPAddresses = append(falseTemplate.IPAddresses, ip) - // } else { - // falseTemplate.DNSNames = append(falseTemplate.DNSNames, h) - falseTemplate.DNSNames = append(falseTemplate.DNSNames, *falseHost) - // } - //} - - //if *isCA { - // falseTemplate.IsCA = true - // falseTemplate.KeyUsage |= x509.KeyUsageCertSign - //} - - falseDerBytes, err := x509.CreateCertificate(rand.Reader, &falseTemplate, &template, publicKey(falsePriv), priv) - if err != nil { - log.Fatalf("Failed to create false certificate: %s", err) - } - - falseCertOut, err := os.Create("falseCert.pem") - if err != nil { - log.Fatalf("failed to open falseCert.pem for writing: %s", err) - } - pem.Encode(falseCertOut, &pem.Block{Type: "CERTIFICATE", Bytes: falseDerBytes}) - falseCertOut.Close() - log.Print("written falseCert.pem\n") - - falseKeyOut, err := os.OpenFile("falseKey.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) - if err != nil { - log.Print("failed to open falseKey.pem for writing:", err) - return - } - pem.Encode(falseKeyOut, pemBlockForKey(falsePriv)) - falseKeyOut.Close() - log.Print("written falseKey.pem\n") + doFalseHost(template, priv) } } From fca636d4a16870198d924a2860c7bd498b7eaf69 Mon Sep 17 00:00:00 2001 From: JeremyRand Date: Sun, 19 Nov 2017 06:48:57 +0000 Subject: [PATCH 3/6] generate_nmc_cert: Use P256 curve by default. In Go stdlib, RSA2048 is used by default. RSA support was removed in our fork, but we neglected to set a default ECDSA curve, so the user had to choose a curve. P256 is recommended by the Go devs and by us, so it seems to be a reasonable default. --- generate_nmc_cert/main.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/generate_nmc_cert/main.go b/generate_nmc_cert/main.go index 672a51d..caf5ff2 100644 --- a/generate_nmc_cert/main.go +++ b/generate_nmc_cert/main.go @@ -45,7 +45,8 @@ var ( validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for") //isCA = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority") //rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set") - ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521") + //ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521") + ecdsaCurve = flag.String("ecdsa-curve", "P256", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521") falseHost = flag.String("false-host", "", "(Optional) Generate a false cert for this host; used to test x.509 implementations for safety regarding handling of the CA flag and KeyUsage") ) From cee2b1820c2328c0346f08fcd374cfc8f19b4a45 Mon Sep 17 00:00:00 2001 From: JeremyRand Date: Sun, 19 Nov 2017 07:00:04 +0000 Subject: [PATCH 4/6] generate_nmc_cert: Disable gofmt linter. This is because following its recommendations would produce unnecessary noise in the diff against upstream. --- generate_nmc_cert/falsehost.go | 2 ++ generate_nmc_cert/main.go | 2 ++ 2 files changed, 4 insertions(+) diff --git a/generate_nmc_cert/falsehost.go b/generate_nmc_cert/falsehost.go index 7042e72..4030678 100644 --- a/generate_nmc_cert/falsehost.go +++ b/generate_nmc_cert/falsehost.go @@ -1,3 +1,5 @@ +// nolint: gofmt + // Copyright 2009 The Go Authors. All rights reserved. // Dehydrated certificate modifications Copyright 2015-2017 Jeremy Rand. All // rights reserved. diff --git a/generate_nmc_cert/main.go b/generate_nmc_cert/main.go index caf5ff2..366a0aa 100644 --- a/generate_nmc_cert/main.go +++ b/generate_nmc_cert/main.go @@ -1,3 +1,5 @@ +// nolint: gofmt + // Copyright 2009 The Go Authors. All rights reserved. // Dehydrated certificate modifications Copyright 2015-2017 Jeremy Rand. All // rights reserved. From fb709df2608a4d2c7f662b6b7cb5cbbf5cb204ba Mon Sep 17 00:00:00 2001 From: JeremyRand Date: Sat, 23 Jun 2018 09:48:42 +0000 Subject: [PATCH 5/6] generate_nmc_cert: Use more standard imports order. --- generate_nmc_cert/falsehost.go | 3 ++- generate_nmc_cert/main.go | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/generate_nmc_cert/falsehost.go b/generate_nmc_cert/falsehost.go index 4030678..9baa476 100644 --- a/generate_nmc_cert/falsehost.go +++ b/generate_nmc_cert/falsehost.go @@ -28,13 +28,14 @@ import ( "encoding/pem" //"flag" "fmt" - "github.com/namecoin/ncdns/x509" "log" "math/big" //"net" "os" //"strings" "time" + + "github.com/namecoin/ncdns/x509" ) //var ( diff --git a/generate_nmc_cert/main.go b/generate_nmc_cert/main.go index 366a0aa..cded58c 100644 --- a/generate_nmc_cert/main.go +++ b/generate_nmc_cert/main.go @@ -30,14 +30,15 @@ import ( "encoding/pem" "flag" "fmt" - "github.com/namecoin/ncdns/certdehydrate" - "github.com/namecoin/ncdns/x509" "log" "math/big" //"net" "os" //"strings" "time" + + "github.com/namecoin/ncdns/certdehydrate" + "github.com/namecoin/ncdns/x509" ) var ( From 986772bd02c15d7d25dd8b86402cc3c497e76531 Mon Sep 17 00:00:00 2001 From: JeremyRand Date: Sat, 23 Jun 2018 09:54:49 +0000 Subject: [PATCH 6/6] generate_nmc_cert: disable goimports linter. This is for the same reason that gofmt is disabled. --- generate_nmc_cert/falsehost.go | 2 +- generate_nmc_cert/main.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/generate_nmc_cert/falsehost.go b/generate_nmc_cert/falsehost.go index 9baa476..d3e62ee 100644 --- a/generate_nmc_cert/falsehost.go +++ b/generate_nmc_cert/falsehost.go @@ -1,4 +1,4 @@ -// nolint: gofmt +// nolint: gofmt, goimports // Copyright 2009 The Go Authors. All rights reserved. // Dehydrated certificate modifications Copyright 2015-2017 Jeremy Rand. All diff --git a/generate_nmc_cert/main.go b/generate_nmc_cert/main.go index cded58c..e63185d 100644 --- a/generate_nmc_cert/main.go +++ b/generate_nmc_cert/main.go @@ -1,4 +1,4 @@ -// nolint: gofmt +// nolint: gofmt, goimports // Copyright 2009 The Go Authors. All rights reserved. // Dehydrated certificate modifications Copyright 2015-2017 Jeremy Rand. All