generate-self-signed-cert: Correct subjectAltName for an IP address.

Signed-off-by: Anders Kaseorg <anders@zulip.com>

scripts/setup/generate-self-signed-cert

@@ -50,6 +50,17 @@ if [ -z "$FORCE" ] && { [ -e "$KEYFILE" ] || [ -e "$CERTFILE" ]; }; then
 fi
 rm -f "$KEYFILE" "$CERTFILE"
 
+if [[ "$EXTERNAL_HOST" =~ ^(([0-9]+\.){3}[0-9]+)(:[0-9]+)?$ ]]; then
+    subjectAltName="IP:${BASH_REMATCH[1]}"  # IPv4 address
+elif [[ "$EXTERNAL_HOST" =~ ^\[([^][]*)\](:[0-9]+)?$ ]]; then
+    subjectAltName="IP:${BASH_REMATCH[1]}"  # IPv6 address
+elif [[ "$EXTERNAL_HOST" =~ ^([^:]+)(:[0-9]+)?$ ]]; then
+    subjectAltName="DNS:${BASH_REMATCH[1]}"
+else
+    echo "$0: invalid host $EXTERNAL_HOST" >&2
+    exit 1
+fi
+
 config="$(mktemp)" || exit 1
 trap 'rm -f "$config"' EXIT
 
@@ -72,7 +83,7 @@ commonName          = $EXTERNAL_HOST
 
 [ v3_req ]
 basicConstraints    = CA:FALSE
-subjectAltName      = DNS:$EXTERNAL_HOST
+subjectAltName      = $subjectAltName
 EOF
 
 if [ "$is_redhat" = true ]; then

tools/ci/success-http-headers-bionic.txt

@@ -1,6 +1,5 @@
   Self-signed certificate encountered.
-WARNING: no certificate subject alternative name matches
-	requested host name ‘localhost’.
+    WARNING: certificate common name ‘127.0.0.1’ doesn't match requested host name ‘localhost’.
   HTTP/1.1 302 Found
   Server: nginx/1.14.0 (Ubuntu)
   Content-Type: text/html; charset=utf-8

tools/ci/success-http-headers-focal.txt

@@ -1,6 +1,5 @@
   Self-signed certificate encountered.
-WARNING: no certificate subject alternative name matches
-	requested host name ‘localhost’.
+    WARNING: certificate common name ‘127.0.0.1’ doesn't match requested host name ‘localhost’.
   HTTP/1.1 302 Found
   Server: nginx/1.17.10 (Ubuntu)
   Content-Type: text/html; charset=utf-8