Diffstat (limited to 'test/certs/mkcert.sh')
-rwxr-xr-x | test/certs/mkcert.sh | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh
index 8863254b32..ee31bf0097 100755
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@@ -16,6 +16,10 @@ if [ -z "$OPENSSL_SIGALG" ]; then
 OPENSSL_SIGALG=sha256
 fi
+if [ -z "$REQMASK" ]; then
+ REQMASK=utf8only
+fi
+
 stderr_onerror() {
 (
 err=$("$@" >&3 2>&1) || {
@@ -60,8 +64,8 @@ req() {
 stderr_onerror \
 openssl req -new -"${OPENSSL_SIGALG}" -key "${key}.pem" \
- -config <(printf "[req]\n%s\n%s\n[dn]\n" \
- "prompt = no" "distinguished_name = dn"
+ -config <(printf "string_mask=%s\n[req]\n%s\n%s\n[dn]\n" \
+ "$REQMASK" "prompt = no" "distinguished_name = dn"
 for dn in "$@"; do echo "$dn"; done)
 }
@@ -115,6 +119,9 @@ genca() {
 do
 exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
 done
+ if [ -n "$NC" ]; then
+ exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC")
+ fi
 csr=$(req "$key" "CN = $cn") || return 1
 echo "$csr" |
 cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
@@ -164,6 +171,28 @@ genpc() {
 -set_serial 2 -days "${DAYS}"
 }
+# Usage: $0 genalt keyname certname eekeyname eecertname alt1 alt2 ...
+#
+# Note: takes csr on stdin, so must be used with $0 req like this:
+#
+# $0 req keyname dn | $0 genalt keyname certname eekeyname eecertname alt ...
+geneealt() {
+ local key=$1; shift
+ local cert=$1; shift
+ local cakey=$1; shift
+ local ca=$1; shift
+
+ exts=$(printf "%s\n%s\n%s\n%s\n" \
+ "subjectKeyIdentifier = hash" \
+ "authorityKeyIdentifier = keyid" \
+ "basicConstraints = CA:false" \
+ "subjectAltName = @alts";
+ echo "[alts]";
+ for x in "$@"; do echo $x; done)
+ cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
+ -set_serial 2 -days "${DAYS}"
+}
+
 genee() {
 local OPTIND=1
 local purpose=serverAuth |
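Review bot: `REQMASK` is a new environment knob with no comment, and in `req` its value is written verbatim into the generated config as `string_mask=...` ahead of the `[req]` header. A short comment above the default in the first hunk would tell the next reader what it controls and which values are expected, for example `# REQMASK: value for the req "string_mask" option (utf8only, default, pkix, nombstr); selects the ASN.1 string types used for the subject DN`. The body of `req` starts outside this hunk, so whether anything else in it depends on the old two-line config is not visible here.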
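Review bot: In `genca`, `NC` is taken from the caller's environment under a two-letter name and appended verbatim after `nameConstraints = `, so a value left exported from an earlier command silently adds name constraints to every CA generated afterwards. A comment at the new `if` would make the contract explicit, for example `# NC (env, optional): full nameConstraints value, passed through unchanged; include "critical," yourself if the test needs the extension marked critical`. If the script's other optional inputs are passed as arguments rather than through the environment, a more specific name (or an option) would be less likely to collide. `genca` starts and ends outside this hunk, so how its other inputs are passed cannot be seen here.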
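Review bot: In `geneealt`, `for x in "$@"; do echo $x; done` expands `$x` unquoted, so each alt entry is word-split and glob-expanded before it reaches the `[alts]` section; an entry containing `*` (a wildcard DNS name, say) can be replaced by matching file names from the working directory, and the certificate then carries names nobody asked for. Use `for x in "$@"; do printf '%s\n' "$x"; done`, which matches the quoted `echo "$dn"` in `req`. The usage comment also needs correcting: it names the command `genalt` and labels arguments three and four `eekeyname eecertname`, while the code reads them as the CA key and CA cert (`cakey`, `ca`). `exts` is assigned without `local` here; whether that matches the rest of the file is not visible from this hunk.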