mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

test/certs/setup.sh: Fix two glitches

Browse Source 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13606)
This commit is contained in:
Dr. David von Oheimb 2020-12-03 15:26:48 +01:00
parent e99505b4d0
commit d7cdb8b606
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
test/certs/setup.sh
View File

@ -1,4 +1,4 @@
#! /bin/sh
#! /bin/bash
# Primary root: root-cert
# root cert variants: CA:false, key2, DN2
@ -169,7 +169,7 @@ openssl x509 -in sca-cert.pem -trustout \
./mkcert.sh genee server.example ee-key ee-name2 ca-key ca-name2
./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert
./mkcert.sh genee server.example ee-key ee-pathlen ca-key ca-cert \
-extfile <(echo "basicConstraints=CA:FALSE,pathlen:0")
-extfile <(echo "basicConstraints=CA:FALSE,pathlen:0") # bash needed here
#
openssl x509 -in ee-cert.pem -trustout \
-addtrust serverAuth -out ee+serverAuth.pem
@ -211,7 +211,7 @@ OPENSSL_KEYBITS=8192 \
./mkcert.sh genee server.example ee-key-8192 ee-cert-8192 ca-key ca-cert
# self-signed end-entity cert with explicit keyUsage not including KeyCertSign
openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature -days 36500
openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature -days 36525
# Proxy certificates, off of ee-client
# Start with some good ones