From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 6 Mar 2024 14:37:29 +0100
Subject: tests/certs/generate: Generate X.509 version 3 CA.

And pass CA:TRUE as basic constraint.  This fixes the test suite with
OpenSSL 3.2, which defaults to X.509v3 and CA:FALSE.

Origin: https://git.guilhem.org/interimap/commit/?id=eb254348085047702ee37e405d171d894dc5ffff
Bug-Debian: https://bugs.debian.org/1065529
---
 tests/certs/generate | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tests/certs/generate b/tests/certs/generate
index 8e9c451..f449764 100755
--- a/tests/certs/generate
+++ b/tests/certs/generate
@@ -22,7 +22,12 @@ genpkey() {
 # generate CA (we intentionally throw away the private key and serial
 # file to avoid reuse)
 genpkey "$cadir/ca.key" -algorithm RSA
-openssl req -new -x509 -rand /dev/urandom -subj "/OU=$OU/CN=Fake Root CA" -key "$cadir/ca.key" -out ./ca.crt
+openssl req -new -x509 -rand /dev/urandom \
+    -subj "/OU=$OU/CN=Fake Root CA" \
+    -addext subjectKeyIdentifier="hash" \
+    -addext authorityKeyIdentifier="keyid:always,issuer" \
+    -addext basicConstraints="critical,CA:TRUE" \
+    -key "$cadir/ca.key" -out ./ca.crt
 
 SERIAL=1
 new() {
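Review bot: The new `openssl req` invocation marks the certificate as a CA through `basicConstraints` but adds no `keyUsage` extension, so the fake root does not state that its key is limited to signing certificates. RFC 5280 expects a CA certificate to carry `keyUsage` with `keyCertSign`, and verifiers running in a strict mode may reject a CA without it, which could break the test suite again on a later library update. Adding `-addext keyUsage="critical,keyCertSign,cRLSign" \` next to the `basicConstraints` line would cover this. How `new()` signs the leaf certificates is outside the hunk, so whether they depend on the CA's extensions in any other way cannot be judged from here.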