From 722b7f5a6834f2ca6c8ea03aa3a7c96a7a84873c Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 17 Apr 2024 15:43:00 +0200
Subject: Adding debian version 2.4.59-1~deb12u1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../Apache-Test/lib/Apache/TestSSLCA.pm               | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

(limited to 'debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm')

diff --git a/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm b/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm
index fc4c685..ca37f16 100644
--- a/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm
+++ b/debian/perl-framework/Apache-Test/lib/Apache/TestSSLCA.pm
@@ -294,8 +294,20 @@ nsComment = This Is A Comment
 1.3.6.1.4.1.18060.12.0 = DER:0c064c656d6f6e73
 subjectAltName = email:\$mail$san_msupn
 
+[ client_ext ]
+extendedKeyUsage = clientAuth
+
 [ server_ext ]
 subjectAltName = DNS:\$CN$san_dnssrv
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+[ ca_ext ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+basicConstraints = critical,CA:true
+
 EOF
 
     return $file;
@@ -326,7 +338,7 @@ sub new_ca {
               join ':', dn_oneline('client_snakeoil'),
               $basic_auth_password);
 
-    openssl req => "-new -x509 -keyout $cakey -out $cacert $days",
+    openssl req => "-new -x509 -extensions ca_ext -keyout $cakey -out $cacert $days",
                    config('ca');
 
     export_cert('ca'); #useful for importing into IE
@@ -367,7 +379,8 @@ sub sign_cert {
     my $name = shift;
     my $exts = '';
 
-    $exts = ' -extensions client_ok_ext' if $name =~ /client_ok/;
+    $exts = ' -extensions client_ext' if $name =~ /client/;
+    $exts .= ' -extensions client_ok_ext' if $name =~ /client_ok/;
 
     $exts = ' -extensions server_ext' if $name =~ /server/;
 
@@ -423,7 +436,7 @@ sub hash_certs {
 
     for my $file ($dh->read) {
         next unless $file =~ /\.cr[tl]$/;
-        chomp(my $hash = `openssl $type -noout -hash < $file`);
+        chomp(my $hash = `$openssl $type -noout -hash < $file`);
         next unless $hash;
         my $symlink = "$hash.r$n";
         $n++;
-- 
cgit v1.2.3