summaryrefslogtreecommitdiffstats
path: root/test/certs/mkcert.sh
diff options
context:
space:
mode:
Diffstat (limited to 'test/certs/mkcert.sh')
-rwxr-xr-xtest/certs/mkcert.sh33
1 files changed, 31 insertions, 2 deletions
diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh
index 8863254b32..ee31bf0097 100755
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@@ -16,6 +16,10 @@ if [ -z "$OPENSSL_SIGALG" ]; then
OPENSSL_SIGALG=sha256
fi
+if [ -z "$REQMASK" ]; then
+ REQMASK=utf8only
+fi
+
stderr_onerror() {
(
err=$("$@" >&3 2>&1) || {
@@ -60,8 +64,8 @@ req() {
stderr_onerror \
openssl req -new -"${OPENSSL_SIGALG}" -key "${key}.pem" \
- -config <(printf "[req]\n%s\n%s\n[dn]\n" \
- "prompt = no" "distinguished_name = dn"
+ -config <(printf "string_mask=%s\n[req]\n%s\n%s\n[dn]\n" \
+ "$REQMASK" "prompt = no" "distinguished_name = dn"
for dn in "$@"; do echo "$dn"; done)
}
@@ -115,6 +119,9 @@ genca() {
do
exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
done
+ if [ -n "$NC" ]; then
+ exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC")
+ fi
csr=$(req "$key" "CN = $cn") || return 1
echo "$csr" |
cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
@@ -164,6 +171,28 @@ genpc() {
-set_serial 2 -days "${DAYS}"
}
+# Usage: $0 genalt keyname certname eekeyname eecertname alt1 alt2 ...
+#
+# Note: takes csr on stdin, so must be used with $0 req like this:
+#
+# $0 req keyname dn | $0 genalt keyname certname eekeyname eecertname alt ...
+geneealt() {
+ local key=$1; shift
+ local cert=$1; shift
+ local cakey=$1; shift
+ local ca=$1; shift
+
+ exts=$(printf "%s\n%s\n%s\n%s\n" \
+ "subjectKeyIdentifier = hash" \
+ "authorityKeyIdentifier = keyid" \
+ "basicConstraints = CA:false" \
+ "subjectAltName = @alts";
+ echo "[alts]";
+ for x in "$@"; do echo $x; done)
+ cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
+ -set_serial 2 -days "${DAYS}"
+}
+
genee() {
local OPTIND=1
local purpose=serverAuth
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-05 03:22:50 +0000