STARTTLS Enhance CN generator for self signed certificate #25

Closed
TomFreudenberg opened this issue Nov 29, 2018 · 2 comments

TomFreudenberg commented Nov 29, 2018

When using STARTTLS and leaving MidiSmtpServer to generate a self-signed certificate, it may happen that clients reject the connection with messages like:

hostname "127.0.0.1" does not match the server certificate

This happens because of the helpful self-signed generator, which currently just creates a certificate for CN 'localhost.local'.

In the case above it would have to be generated for the alternate CN '127.0.0.1' as well.

Solution

Optionally enable iterating through all unique addresses and names for which the self-signed certificate should include CNs.

Sample

This can be done via the Resolv class like:

require 'resolv'

# addresses registered for a name
p Resolv.getaddresses "localhost"
# => ["::1", "127.0.0.1"]

# names registered for an address (reverse lookup)
p Resolv.getnames "127.0.0.1"
# => ["localhost"]

p Resolv.getnames "::1"
# => ["localhost"]

p Resolv.getnames "192.168.1.99"
# => ["host1.my.domain", "host2.my.domain"]

Option

It should also be possible, via the opts element, to self-define the list of CNs during initialization of the MidiSmtpServer class.

Additional information

You may also check the condition discussed in the mailcatcher PR sj26/mailcatcher#386

More about SAN: https://support.dnsimple.com/articles/what-is-ssl-san/
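As an added example (not code from this issue or from MidiSmtpServer itself), the following Ruby shows one way to implement the proposal above with Resolv and OpenSSL, and then applies the same hostname check a client performs. The function names, the 'localhost' seed name and the sample name list are assumptions; unlike the generator's real output, IP literals are placed only in iPAddress SAN entries, which is what clients compare against a hostname such as "127.0.0.1".

```ruby
require 'openssl'
require 'ipaddr'
require 'resolv'

# Collect the unique names and addresses a client might connect with,
# iterating through Resolv as proposed above (seed name is assumed).
def discover_local_names(seed = 'localhost')
  addresses = Resolv.getaddresses(seed)
  names = addresses.flat_map { |a| Resolv.getnames(a) rescue [] }
  ([seed] + names + addresses).uniq
end

# Turn hostnames and IP literals into SAN entries: IP literals become
# iPAddress entries, everything else becomes a dNSName entry.
def san_entries(names_and_addresses)
  names_and_addresses.uniq.map do |item|
    begin
      "IP:#{IPAddr.new(item)}"
    rescue IPAddr::InvalidAddressError
      "DNS:#{item}"
    end
  end
end

# Build a self-signed leaf certificate (CA:FALSE) for the given CN and SANs.
def build_self_signed_cert(common_name, sans, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                        # X.509 v3, needed for extensions
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject              # self-signed: issuer == subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 90 * 24 * 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', 'digitalSignature,keyEncipherment', true))
  cert.add_extension(ef.create_extension('subjectAltName', sans.join(','), false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))   # returns the signed cert
end

# The check a client runs on the peer hostname against the presented certificate.
def identity_ok?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Constructed sample input standing in for discover_local_names output.
SAMPLE_NAMES = ['localhost.local', 'localhost', '127.0.0.1', '::1', '192.168.0.72'].freeze
DEMO_KEY = OpenSSL::PKey::RSA.new(2048)
DEMO_CERT = build_self_signed_cert('localhost.local', san_entries(SAMPLE_NAMES), DEMO_KEY)
```

With the sample list, identity_ok?(DEMO_CERT, '127.0.0.1') is true while an address not in the list, such as '10.0.0.1', is rejected.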

TomFreudenberg (Member, Author) commented:

Need more work here

Check documentation at: https://gist.github.com/arusso/d5a3195773c2ca3717d4
and r509 component https://github.com/r509/r509

TomFreudenberg (Member, Author) commented:

This is fixed and implemented in

d7717d7

Also there are additional tests to check SSL transmission without hostname errors.

The resulting SSL certificate looks like:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=localhost.local
        Validity
            Not Before: Jan 21 03:27:22 2020 GMT
            Not After : Apr 20 03:27:22 2020 GMT
        Subject: CN=localhost.local
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Subject Alternative Name: 
                DNS:localhost.local, DNS:127.0.0.1, DNS:::1, DNS:192.168.0.72, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:192.168.0.72
    Signature Algorithm: sha256WithRSAEncryption
