Skip to content

test: fix expired cert #552

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
howardjohn merged 1 commit into from
Oct 16, 2025
Merged

test: fix expired cert #552

howardjohn merged 1 commit into from
Oct 16, 2025

Conversation

@howardjohn
Copy link
Collaborator

@howardjohn howardjohn commented Oct 16, 2025

oops

Copilot AI review requested due to automatic review settings October 16, 2025 20:16
@howardjohn howardjohn requested a review from a team as a code owner October 16, 2025 20:16
Copilot AI reviewed Oct 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Refresh example TLS materials and extend the generator script to avoid expired certs

  • Regenerate example TLS certificate and EC private key.
  • Update gen.sh to set a 10-year validity via --not-after 87600h.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
examples/tls/certs/key.pem Replaced example EC private key.
examples/tls/certs/cert.pem Replaced example certificate with a new one.
examples/tls/certs/gen.sh Added --not-after flag to extend certificate validity.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

examples/tls/certs/gen.sh
--san localhost \
--no-password --insecure
--no-password --insecure \
--not-after 87600h # 10 years, since its just for testing
Copy link

Copilot AI Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use the correct contraction: change 'its' to 'it's' in the inline comment.

Suggested change
--not-after 87600h # 10 years, since its just for testing
--not-after 87600h # 10 years, since it's just for testing

Copilot uses AI. Check for mistakes.
examples/tls/certs/gen.sh
Comment on lines +16 to +17
--no-password --insecure \
--not-after 87600h # 10 years, since its just for testing
Copy link

Copilot AI Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A 10-year certificate validity significantly increases exposure if the private key leaks. For test/dev usage, prefer a much shorter default (e.g., 24h or 168h) and/or make the duration configurable via an environment variable, for example: DURATION=${DURATION:-168h} and then use --not-after "$DURATION".

Copilot uses AI. Check for mistakes.
examples/tls/certs/key.pem
Comment on lines 1 to 5
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIBMqDe+zi5THTtiILMRzbu0mUqEkYxi/Plcb7ScXzKjqoAoGCCqGSM49
AwEHoUQDQgAEcGqqm/fQvKtfX9zCRmSCeGpuRnbgXm0RVFR3hLipvq1ilrtpJkpU
GBVzBMeLVHLhafLOF6fccIK+rtJ5eDvTzA==
MHcCAQEEILERHUfgJDnnUdOd4JvwAURLG/V4TJjSS7Ng8+xcmk1+oAoGCCqGSM49
AwEHoUQDQgAEZMqwS9W/qxdwGYziluuV2HO3ZXnThD//DbwZBZIW79rvqgbP2p1P
069Cg22eA9yWgRG9JRxpazKP/lapsrwsCA==
-----END EC PRIVATE KEY-----
Copy link

Copilot AI Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Committing a private key to the repository is risky, even for examples. Consider removing cert.pem/key.pem from version control, adding them to .gitignore, and relying on gen.sh to generate them on demand (e.g., as part of a test or setup step).

Copilot uses AI. Check for mistakes.
@howardjohn howardjohn merged commit bd9457f into agentgateway:main Oct 16, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@howardjohn