diff options
author | Guilhem Moulin <guilhem@debian.org> | 2024-05-04 14:11:40 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@debian.org> | 2024-05-04 14:14:01 +0200 |
commit | 0897d98e08de9a4341e867e1454547067007d3a0 (patch) | |
tree | 91197604ad9f7ebafdeb067bd0f2f42c94741498 /debian/patches/Generate-X.509-version-3-CA-in-testsuite.patch | |
parent | 28b7f827136aa7ef196a3066bfc73a3d1dc2e0f5 (diff) |
Cherry pick upstream patch to generate X.509 version 3 CA prior to running the test suite.
Closes: #1065529
Diffstat (limited to 'debian/patches/Generate-X.509-version-3-CA-in-testsuite.patch')
-rw-r--r-- | debian/patches/Generate-X.509-version-3-CA-in-testsuite.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/debian/patches/Generate-X.509-version-3-CA-in-testsuite.patch b/debian/patches/Generate-X.509-version-3-CA-in-testsuite.patch new file mode 100644 index 0000000..74b2890 --- /dev/null +++ b/debian/patches/Generate-X.509-version-3-CA-in-testsuite.patch @@ -0,0 +1,31 @@ +From: Guilhem Moulin <guilhem@fripost.org> +Date: Wed, 6 Mar 2024 14:37:29 +0100 +Subject: tests/certs/generate: Generate X.509 version 3 CA. + +And pass CA:TRUE as basic constraint. This fixes the test suite with +OpenSSL 3.2 with defaults to X.509v3 and CA:FALSE. + +Origin: https://git.guilhem.org/interimap/commit/?id=eb254348085047702ee37e405d171d894dc5ffff +Bug-Debian: https://bugs.debian.org/1065529 +--- + tests/certs/generate | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/tests/certs/generate b/tests/certs/generate +index 8e9c451..f449764 100755 +--- a/tests/certs/generate ++++ b/tests/certs/generate +@@ -22,7 +22,12 @@ genpkey() { + # generate CA (we intentionally throw away the private key and serial + # file to avoid reuse) + genpkey "$cadir/ca.key" -algorithm RSA +-openssl req -new -x509 -rand /dev/urandom -subj "/OU=$OU/CN=Fake Root CA" -key "$cadir/ca.key" -out ./ca.crt ++openssl req -new -x509 -rand /dev/urandom \ ++ -subj "/OU=$OU/CN=Fake Root CA" \ ++ -addext subjectKeyIdentifier="hash" \ ++ -addext authorityKeyIdentifier="keyid:always,issuer" \ ++ -addext basicConstraints="critical,CA:TRUE" \ ++ -key "$cadir/ca.key" -out ./ca.crt + + SERIAL=1 + new() { |