diff options
Diffstat (limited to 'test')
-rwxr-xr-x | test/certs/mkcert.sh | 36 | ||||
-rwxr-xr-x | test/certs/setup.sh | 3 |
2 files changed, 38 insertions, 1 deletions
diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh index 32fd5874d9..a564e30c6b 100755 --- a/test/certs/mkcert.sh +++ b/test/certs/mkcert.sh @@ -233,6 +233,40 @@ genee() { -set_serial 2 -days "${DAYS}" "$@" } +geneeextra() { + local OPTIND=1 + local purpose=serverAuth + + while getopts p: o + do + case $o in + p) purpose="$OPTARG";; + *) echo "Usage: $0 geneeextra [-p EKU] cn keyname certname cakeyname cacertname extraext" >&2 + return 1;; + esac + done + + shift $((OPTIND - 1)) + local cn=$1; shift + local key=$1; shift + local cert=$1; shift + local cakey=$1; shift + local ca=$1; shift + local extraext=$1; shift + + exts=$(printf "%s\n%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ + "subjectKeyIdentifier = hash" \ + "authorityKeyIdentifier = keyid, issuer" \ + "basicConstraints = CA:false" \ + "extendedKeyUsage = $purpose" \ + "subjectAltName = @alts"\ + "$extraext" "DNS=${cn}") + csr=$(req "$key" "CN = $cn") || return 1 + echo "$csr" | + cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ + -set_serial 2 -days "${DAYS}" "$@" +} + geneenocsr() { local OPTIND=1 local purpose=serverAuth @@ -241,7 +275,7 @@ geneenocsr() { do case $o in p) purpose="$OPTARG";; - *) echo "Usage: $0 genee [-p EKU] cn certname cakeyname cacertname" >&2 + *) echo "Usage: $0 geneenocsr [-p EKU] cn certname cakeyname cacertname" >&2 return 1;; esac done diff --git a/test/certs/setup.sh b/test/certs/setup.sh index ee3d678219..58d824ee26 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -400,3 +400,6 @@ OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genroot "Root Ed448" \ root-ed448-key root-ed448-cert OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 \ server-ed448-key server-ed448-cert root-ed448-key root-ed448-cert + +# Cert with id-pkix-ocsp-no-check +./mkcert.sh geneeextra server.example ee-key ee-cert-ocsp-nocheck ca-key ca-cert "1.3.6.1.5.5.7.48.1.5=critical,DER:05:00" |