aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--debian/patches/Generate-X.509-version-3-CA-in-testsuite.patch31
-rw-r--r--debian/patches/series1
2 files changed, 32 insertions, 0 deletions
diff --git a/debian/patches/Generate-X.509-version-3-CA-in-testsuite.patch b/debian/patches/Generate-X.509-version-3-CA-in-testsuite.patch
new file mode 100644
index 0000000..74b2890
--- /dev/null
+++ b/debian/patches/Generate-X.509-version-3-CA-in-testsuite.patch
@@ -0,0 +1,31 @@
+From: Guilhem Moulin <guilhem@fripost.org>
+Date: Wed, 6 Mar 2024 14:37:29 +0100
+Subject: tests/certs/generate: Generate X.509 version 3 CA.
+
+And pass CA:TRUE as basic constraint. This fixes the test suite with
+OpenSSL 3.2 with defaults to X.509v3 and CA:FALSE.
+
+Origin: https://git.guilhem.org/interimap/commit/?id=eb254348085047702ee37e405d171d894dc5ffff
+Bug-Debian: https://bugs.debian.org/1065529
+---
+ tests/certs/generate | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/tests/certs/generate b/tests/certs/generate
+index 8e9c451..f449764 100755
+--- a/tests/certs/generate
++++ b/tests/certs/generate
+@@ -22,7 +22,12 @@ genpkey() {
+ # generate CA (we intentionally throw away the private key and serial
+ # file to avoid reuse)
+ genpkey "$cadir/ca.key" -algorithm RSA
+-openssl req -new -x509 -rand /dev/urandom -subj "/OU=$OU/CN=Fake Root CA" -key "$cadir/ca.key" -out ./ca.crt
++openssl req -new -x509 -rand /dev/urandom \
++ -subj "/OU=$OU/CN=Fake Root CA" \
++ -addext subjectKeyIdentifier="hash" \
++ -addext authorityKeyIdentifier="keyid:always,issuer" \
++ -addext basicConstraints="critical,CA:TRUE" \
++ -key "$cadir/ca.key" -out ./ca.crt
+
+ SERIAL=1
+ new() {
diff --git a/debian/patches/series b/debian/patches/series
index e237c35..35ce054 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
Mention-the-Debian-BTS-in-the-manpages.patch
Skip-randomized-tests.patch
+Generate-X.509-version-3-CA-in-testsuite.patch