From 5a5891b8712ea66705f25c96bec4cf6d4f5174cb Mon Sep 17 00:00:00 2001
From: Matus Kysel
Date: Tue, 2 Apr 2024 18:57:16 +0200
Subject: [PATCH] fix cert generation and added check for CA
---
 entry-point.sh | 2 +-
 examples/generate_certs.sh | 2 +-
 pkgs/initiator/initiator.go | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/entry-point.sh b/entry-point.sh
index 46b7d646..d33ace46 100644
--- a/entry-point.sh
+++ b/entry-point.sh
@@ -15,7 +15,7 @@ if [ "$1" = "start-operator" ]; then
 echo "Certificate or key file not found. Generating new SSL certificate and key."
 openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
 -keyout "$KEY_FILE" -out "$CERT_FILE" \
- -subj "/C=IL/ST=Tel Aviv/L=Tel Aviv/O=Coin-Dash Ltd/CN=*.ssvlabs.io"
+ -subj "/CN=localhost"
 else
 echo "Existing SSL certificate and key found. Using them."
 fi
diff --git a/examples/generate_certs.sh b/examples/generate_certs.sh
index bc3cc725..24f4292a 100755
--- a/examples/generate_certs.sh
+++ b/examples/generate_certs.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 openssl genrsa -out ./initiator/rootCA.key 4096
-openssl req -x509 -new -key ./initiator/rootCA.key -subj "/C=IL/ST=Tel Aviv/L=Tel Aviv/O=Coin-Dash Ltd/CN=*.ssvlabs.io" -days 3650 -out ./initiator/rootCA.crt
+openssl req -x509 -new -key ./initiator/rootCA.key -subj "/CN=localhost" -days 3650 -out ./initiator/rootCA.crt
 for i in $(seq 1 8);
diff --git a/pkgs/initiator/initiator.go b/pkgs/initiator/initiator.go
index acec6ce4..9f0b647f 100644
--- a/pkgs/initiator/initiator.go
+++ b/pkgs/initiator/initiator.go
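Review bot: The new `-subj "/CN=localhost"` line in entry-point.sh yields a certificate that carries a Common Name but no subjectAltName, and current TLS stacks (Go's crypto/x509 among them) match host names against SAN entries only. Any client that actually verifies this certificate will reject it, which pushes callers toward switching verification off. Consider adding `-addext "subjectAltName=DNS:localhost"` (OpenSSL 1.1.1 or later) next to `-subj`, and using the operator's real host name where one is known. The enclosing `if` block starts above this hunk.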
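Review bot: The root CA in examples/generate_certs.sh is now issued with the subject `/CN=localhost`, which is a host name rather than a name for an authority. If the per-operator certificates created in the `for` loop (its body is outside this hunk) also use `CN=localhost`, issuer and subject become identical, and verifiers commonly treat such a leaf as self-signed and fail chain building. Give the CA a distinct subject, for example `-subj "/CN=Example Root CA"`, and keep host names for the leaf certificates only.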
@@ -100,7 +100,9 @@ func GenerateAggregatesKeyshares(keySharesArr []*wire.KeySharesCLI) (*wire.KeySh
 func New(operators wire.OperatorsCLI, logger *zap.Logger, ver string, certs []string) (*Initiator, error) {
 client := req.C()
 // set CA certificates if any
- client.SetRootCertsFromFile(certs...)
+ if len(certs) > 0 {
+ client.SetRootCertsFromFile(certs...)
+ }
 client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
 // Set timeout for operator responses
 client.SetTimeout(30 * time.Second)
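Review bot: The CA list guarded by the new `if len(certs) > 0` has no effect on the connection, because the very next line installs `&tls.Config{InsecureSkipVerify: true}`; with that flag crypto/tls accepts any server certificate and host name, so the configured roots are never consulted. The unconditional `SetTLSClientConfig` call also looks like it replaces the TLS config that `SetRootCertsFromFile` just populated (inferred from the call order; the req client's internals are not shown here). Verification should stay on whenever CA files are supplied, for example by moving the insecure config into the other branch, `} else { client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}) }`, or by dropping it entirely. The body of `New` continues past the end of this hunk.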