From f9773889a146722c3289240d3651df1beb9df41a Mon Sep 17 00:00:00 2001
From: Ed Santiago <santiago@redhat.com>
Date: Thu, 1 Oct 2020 06:32:55 -0600
Subject: [PATCH] Add Subject Alternative Name to local openssl cert

Go 1.15 deprecates checking CN; this broke gating tests:

   Get "https://localhost:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

Easy two-line solution in the 'openssl' invocation. Huge
thanks to Nalin for tracking down and fixing while I was
still getting started:

   https://github.com/containers/buildah/pull/2595

Copied from 0f2892a5b021de3b1cf273f5679fda8298b57c02 in buildah

Signed-off-by: Ed Santiago <santiago@redhat.com>
---
 systemtest/helpers.bash | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/systemtest/helpers.bash b/systemtest/helpers.bash
index 7884acf90..a98beedfb 100644
--- a/systemtest/helpers.bash
+++ b/systemtest/helpers.bash
@@ -331,7 +331,8 @@ start_registry() {
             log_and_run openssl req -newkey rsa:4096 -nodes -sha256 \
                     -keyout $AUTHDIR/domain.key -x509 -days 2 \
                     -out $CERT \
-                    -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost"
+                    -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
+                    -addext subjectAltName=DNS:localhost
         fi
 
         reg_args+=(
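Review bot: the added `-addext subjectAltName=DNS:localhost` line names only the DNS form of the host, so a test client that reaches the registry as 127.0.0.1 or [::1] would still fail verification, because Go matches IP addresses only against IP SAN entries. If any test uses the address form, extend the option to `-addext subjectAltName=DNS:localhost,IP:127.0.0.1`. Separately, `-addext` needs OpenSSL 1.1.1 or newer, so a short comment above the `openssl req` call stating that requirement and why the SAN is there (the Go 1.15 CN deprecation) would save the next reader a trip to the commit log.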