Skip to content

add snakeoil certificates #86

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: mainline
Choose a base branch
from
Open

add snakeoil certificates #86

wants to merge 9 commits into from

Conversation

@parimoh
Copy link
Contributor

@parimoh parimoh commented Aug 7, 2025
edited
Loading

This PR is meant to address #54. I'm gonna test this / research a bit more on this as well just to make sure that it actually works as intended and does everything it's supposed to.

Summary

Adds make-ssl-cert functionality to both Debian and Alpine variants for generating self-signed certificates which allows for SSL/TLS testing capabilities.

Changes Made

Debian Images:

  • Added ssl-cert package to runtime dependencies
  • Uses existing openssl command-line tools (installed as dependency)
  • Provides standard make-ssl-cert generate-default-snakeoil command
  • Creates certificates at /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key

Alpine Images:

  • Added minimal make-ssl-cert shell script
  • Uses existing openssl package
  • Syntax: make-ssl-cert <cert_path> <key_path>

Usage Examples

Debian:

docker run --rm valkey:debian make-ssl-cert generate-default-snakeoil

Alpine:

docker run --rm valkey:alpine make-ssl-cert /tmp/cert.pem /tmp/key.pem

Testing

  • Both variants generate valid X.509 certificates with 10-year validity
  • Certificate subject: CN=localhost
  • Verified certificate/key pair matching
  • No breaking changes to existing functionality
  • OpenSSL installation confirmed on both variants

Size Impact

  • Debian: +20KB (ssl-cert package)
  • Alpine: +200 bytes (shell script)

roshkhatri
roshkhatri reviewed Aug 8, 2025
View reviewed changes
Dockerfile.template Outdated
Comment on lines 165 to 166
printf '#!/bin/sh\nset -e\nif [ $# -ne 2 ]; then\n echo "Usage: make-ssl-cert <cert_file> <key_file>" >&2\n exit 1\nfi\nmkdir -p "$(dirname "$1")" "$(dirname "$2")"\nopenssl req -new -x509 -days 3650 -nodes -out "$1" -keyout "$2" -subj "/CN=localhost"\n' > /usr/local/bin/make-ssl-cert; \
chmod +x /usr/local/bin/make-ssl-cert
Copy link
Member

@roshkhatri roshkhatri Aug 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make this script like entrypoint.sh and copy it to the image??
We are essentially creating it on runtime here

@roshkhatri
Copy link
Member

Also can we add tests for these?

@Nikhil-Manglore Nikhil-Manglore self-requested a review September 10, 2025 20:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@roshkhatri roshkhatri roshkhatri left review comments

@Nikhil-Manglore Nikhil-Manglore Awaiting requested review from Nikhil-Manglore

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@parimoh @roshkhatri