diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 13:43:02 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 13:43:02 +0000 |
commit | fdf532b1ed005481d9fc9a49ed2bf3f9d29db64d (patch) | |
tree | 380619f479f5eb58405b52500266132dbda8f95c /debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm | |
parent | Merging upstream version 2.4.59. (diff) | |
download | apache2-fdf532b1ed005481d9fc9a49ed2bf3f9d29db64d.tar.xz apache2-fdf532b1ed005481d9fc9a49ed2bf3f9d29db64d.zip |
Merging debian version 2.4.59-1~deb12u1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm')
-rw-r--r-- | debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm b/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm index fc4c685..ca37f16 100644 --- a/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm +++ b/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm @@ -294,8 +294,20 @@ nsComment = This Is A Comment 1.3.6.1.4.1.18060.12.0 = DER:0c064c656d6f6e73 subjectAltName = email:\$mail$san_msupn +[ client_ext ] +extendedKeyUsage = clientAuth + [ server_ext ] subjectAltName = DNS:\$CN$san_dnssrv +extendedKeyUsage = serverAuth +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +[ ca_ext ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer +basicConstraints = critical,CA:true + EOF return $file; @@ -326,7 +338,7 @@ sub new_ca { join ':', dn_oneline('client_snakeoil'), $basic_auth_password); - openssl req => "-new -x509 -keyout $cakey -out $cacert $days", + openssl req => "-new -x509 -extensions ca_ext -keyout $cakey -out $cacert $days", config('ca'); export_cert('ca'); #useful for importing into IE @@ -367,7 +379,8 @@ sub sign_cert { my $name = shift; my $exts = ''; - $exts = ' -extensions client_ok_ext' if $name =~ /client_ok/; + $exts = ' -extensions client_ext' if $name =~ /client/; + $exts .= ' -extensions client_ok_ext' if $name =~ /client_ok/; $exts = ' -extensions server_ext' if $name =~ /server/; @@ -423,7 +436,7 @@ sub hash_certs { for my $file ($dh->read) { next unless $file =~ /\.cr[tl]$/; - chomp(my $hash = `openssl $type -noout -hash < $file`); + chomp(my $hash = `$openssl $type -noout -hash < $file`); next unless $hash; my $symlink = "$hash.r$n"; $n++; |