diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 13:43:00 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 13:43:00 +0000 |
| commit | 722b7f5a6834f2ca6c8ea03aa3a7c96a7a84873c (patch) | |
| tree | 7ea234da7d12316415070d51fc318ad2a2f02e3a /debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm | |
| parent | Merging upstream version 2.4.59. (diff) | |
| download | apache2-debian.tar.xz apache2-debian.zip | |
Adding debian version 2.4.59-1~deb12u1.debian/2.4.59-1_deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm')
| -rw-r--r-- | debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm b/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm index fc4c685..ca37f16 100644 --- a/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm +++ b/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm @@ -294,8 +294,20 @@ nsComment = This Is A Comment 1.3.6.1.4.1.18060.12.0 = DER:0c064c656d6f6e73 subjectAltName = email:\$mail$san_msupn +[ client_ext ] +extendedKeyUsage = clientAuth + [ server_ext ] subjectAltName = DNS:\$CN$san_dnssrv +extendedKeyUsage = serverAuth +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +[ ca_ext ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer +basicConstraints = critical,CA:true + EOF return $file; @@ -326,7 +338,7 @@ sub new_ca { join ':', dn_oneline('client_snakeoil'), $basic_auth_password); - openssl req => "-new -x509 -keyout $cakey -out $cacert $days", + openssl req => "-new -x509 -extensions ca_ext -keyout $cakey -out $cacert $days", config('ca'); export_cert('ca'); #useful for importing into IE @@ -367,7 +379,8 @@ sub sign_cert { my $name = shift; my $exts = ''; - $exts = ' -extensions client_ok_ext' if $name =~ /client_ok/; + $exts = ' -extensions client_ext' if $name =~ /client/; + $exts .= ' -extensions client_ok_ext' if $name =~ /client_ok/; $exts = ' -extensions server_ext' if $name =~ /server/; @@ -423,7 +436,7 @@ sub hash_certs { for my $file ($dh->read) { next unless $file =~ /\.cr[tl]$/; - chomp(my $hash = `openssl $type -noout -hash < $file`); + chomp(my $hash = `$openssl $type -noout -hash < $file`); next unless $hash; my $symlink = "$hash.r$n"; $n++; |