Diffstat (limited to 'debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm')
-rw-r--r--debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm29
1 files changed, 22 insertions, 7 deletions
diff --git a/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm b/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm
index 3f1a24a..ca37f16 100644
--- a/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm
+++ b/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm
@@ -23,7 +23,7 @@ use DirHandle ();
use File::Path ();
use File::Copy 'cp';
use File::Basename;
-use Net::SSLeay;
+use File::Spec::Functions qw(devnull);
use Apache::TestConfig ();
use Apache::TestTrace;
@@ -73,6 +73,7 @@ if (Apache::Test::normalize_vstring($version) <
my $sslproto = "all";
+eval { require Net::SSLeay; };
if (Apache::Test::normalize_vstring($version) >=
Apache::Test::normalize_vstring("1.1.1")
&& !defined(&Net::SSLeay::CTX_set_post_handshake_auth)) {
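Review bot: The added `eval { require Net::SSLeay; };` discards the load error, so when the module is missing `defined(&Net::SSLeay::CTX_set_post_handshake_auth)` is simply false and the branch is taken with no trace of why. The branch body is outside the hunk; if it narrows `$sslproto`, a run without Net::SSLeay would quietly exercise a reduced protocol set. I would add a comment such as `# Net::SSLeay is optional; if it cannot be loaded, post-handshake auth is treated as unsupported` above the eval. I would also record the failure with `debug "Net::SSLeay not available: $@" if $@;` directly after it.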
@@ -293,8 +294,20 @@ nsComment = This Is A Comment
1.3.6.1.4.1.18060.12.0 = DER:0c064c656d6f6e73
subjectAltName = email:\$mail$san_msupn
+[ client_ext ]
+extendedKeyUsage = clientAuth
+
[ server_ext ]
subjectAltName = DNS:\$CN$san_dnssrv
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+[ ca_ext ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+basicConstraints = critical,CA:true
+
EOF
return $file;
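Review bot: The new `[ ca_ext ]` section sets `basicConstraints = critical,CA:true` but no `keyUsage`, so the generated CA certificate does not state that its key may sign certificates and CRLs. If the test CA is meant to look like a conforming CA to the clients under test, consider adding `keyUsage = critical,keyCertSign,cRLSign` to that section. Separately, `[ client_ext ]` carries only `extendedKeyUsage` while `[ server_ext ]` also gets `subjectKeyIdentifier` and `authorityKeyIdentifier`; a one-line comment in the template saying whether that asymmetry is intentional would help. The heredoc starts outside this hunk.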
@@ -325,7 +338,7 @@ sub new_ca {
join ':', dn_oneline('client_snakeoil'),
$basic_auth_password);
- openssl req => "-new -x509 -keyout $cakey -out $cacert $days",
+ openssl req => "-new -x509 -extensions ca_ext -keyout $cakey -out $cacert $days",
config('ca');
export_cert('ca'); #useful for importing into IE
@@ -366,7 +379,8 @@ sub sign_cert {
my $name = shift;
my $exts = '';
- $exts = ' -extensions client_ok_ext' if $name =~ /client_ok/;
+ $exts = ' -extensions client_ext' if $name =~ /client/;
+ $exts .= ' -extensions client_ok_ext' if $name =~ /client_ok/;
$exts = ' -extensions server_ext' if $name =~ /server/;
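Review bot: For a name matching `client_ok`, `$exts` now carries two `-extensions` options, and as far as I know `openssl` keeps only the last value given, so `client_ext` and its `extendedKeyUsage = clientAuth` would not be applied to those certificates. Selecting exactly one section makes the intent explicit: `$exts = ' -extensions ' . ($name =~ /client_ok/ ? 'client_ok_ext' : 'client_ext') if $name =~ /client/;`, with `extendedKeyUsage = clientAuth` added to `[ client_ok_ext ]` in the config template if those certificates need it too. The patterns are also unanchored, so any certificate name containing `server` replaces the client choice; a short comment stating that precedence would help. The rest of `sign_cert` is outside the hunk.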
@@ -422,7 +436,7 @@ sub hash_certs {
for my $file ($dh->read) {
next unless $file =~ /\.cr[tl]$/;
- chomp(my $hash = `openssl $type -noout -hash < $file`);
+ chomp(my $hash = `$openssl $type -noout -hash < $file`);
next unless $hash;
my $symlink = "$hash.r$n";
$n++;
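Review bot: The backtick command on the changed line still goes through the shell with `$openssl` and `$file` interpolated unquoted, so a binary path or file name containing spaces or shell metacharacters would be split or interpreted by the shell. The file names come from a directory listing filtered only by `/\.cr[tl]$/`. Using the list form of a pipe open avoids the shell entirely, for example `open my $fh, '-|', $openssl, $type, qw(-noout -hash -in), $file or next;` followed by `chomp(my $hash = <$fh> // '');`. This assumes `$type` is a subcommand that accepts `-in`, which is not visible here; the rest of `hash_certs` is outside the hunk.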
@@ -572,9 +586,10 @@ sub gendir {
}
sub version {
- my $version = qx($openssl version);
- return $1 if $version =~ /^OpenSSL (\S+) /;
- return 0;
+ my $devnull = devnull();
+ my $version = qx($openssl version 2>$devnull);
+ return $1 if $version =~ /^\S+SSL (\S+)/;
+ die "FATAL: unable to determine openssl version via `$openssl version` from: $version";
}
sub dgst {
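Review bot: When `$openssl` cannot be executed, `qx()` returns undef, so the new match and the `die` message both operate on an undefined value, and the message ends with an empty "from:" because stderr was sent to `$devnull`. I would write `my $version = qx($openssl version 2>$devnull) // '';` and include the exit status in the message, e.g. `... (exit status $?) from: $version`. The relaxed pattern `/^\S+SSL (\S+)/` also accepts other `*SSL` banners such as LibreSSL, whose version numbers then feed the OpenSSL thresholds compared elsewhere in the file (the `"1.1.1"` check, for instance); a comment noting whether that is intended would help. If `version()` is called while the module loads, as the top-level use of `$version` suggests, the new `die` makes loading fail outright where it used to return 0.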