mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
cf8422480a
Add a test to exercise the use of s_server with "-cert_chain" to construct an ocsp request. This new functionality was added in PR #22192. Testing: make V=1 TESTS='test_ocsp_cert_chain' test Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23101)
35 lines
970 B
INI
35 lines
970 B
INI
HOME = .
|
|
default_ca = ca
|
|
config_diagnostics = 1
|
|
|
|
####################################################################
|
|
|
|
[ req ]
|
|
x509_extensions = v3_ca
|
|
|
|
####################################################################
|
|
|
|
[ usr_cert ]
|
|
basicConstraints = critical, CA:FALSE
|
|
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
|
subjectKeyIdentifier = hash
|
|
##authorityInfoAccess = OCSP;URI:http://127.0.0.1:19254/ocsp
|
|
# we do not include aia in the cert.
|
|
# we use the s_server option "-status_url" to specify the url.
|
|
|
|
####################################################################
|
|
|
|
[ v3_ca ]
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always
|
|
basicConstraints = critical,CA:true
|
|
keyUsage = critical, cRLSign, keyCertSign
|
|
|
|
####################################################################
|
|
|
|
# Minimal CA entry to allow generation of CRLs.
|
|
[ ca ]
|
|
default_md = sha256
|
|
database = index.txt
|
|
crlnumber = crlnum.txt
|