Diffstat (limited to 'regress/lib')
-rw-r--r--regress/lib/libcrypto/CA/Makefile6
-rw-r--r--regress/lib/libcrypto/CA/intermediate.cnf6
-rw-r--r--regress/lib/libcrypto/CA/root.cnf18
3 files changed, 25 insertions, 5 deletions
diff --git a/regress/lib/libcrypto/CA/Makefile b/regress/lib/libcrypto/CA/Makefile
index 3616b132bfc..d430121d143 100644
--- a/regress/lib/libcrypto/CA/Makefile
+++ b/regress/lib/libcrypto/CA/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.3 2020/12/26 14:42:09 bluhm Exp $
+# $OpenBSD: Makefile,v 1.4 2022/03/14 21:30:48 tb Exp $
CLEANFILES += *.pem *.serial *.txt *.attr *.old
@@ -59,7 +59,7 @@ server.key.pem: stamp-clean
server.csr.pem: intermediate.cnf server.key.pem
# server req
openssl req -batch -config ${.CURDIR}/intermediate.cnf -new -sha256 \
- -subj '/CN=server/O=OpenBSD/OU=So and Sos/C=CA' \
+ -subj '/CN=server.openbsd.org/OU=So and Sos/O=OpenBSD/C=CA' \
-key server.key.pem -out server.csr.pem
# Sign server key
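Review bot: The new CN `server.openbsd.org` on the `-subj` line appears to be chosen to fall inside the `permitted;DNS.0 = .openbsd.org` subtree that this commit adds to root.cnf, but the recipe does not record that coupling, so a later edit of the subject could make chain verification fail with no obvious cause. A comment above the `openssl req` call, for example `# CN must stay inside the DNS subtree permitted by nameConstraints in root.cnf`, would make the dependency explicit. The same applies to the client request in the next hunk, where only the O/OU order changes, presumably to line up with `permitted;dirName.0`. From the visible lines the server hostname is carried only in the CN, and whether a verifier applies DNS constraints to a CN is implementation-dependent; if the `server_cert` section (not shown in this diff) has no `subjectAltName`, adding a dNSName there would exercise the constraint directly. The rule continues past the end of the hunk.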
@@ -77,7 +77,7 @@ client.key.pem: stamp-clean
client.csr.pem: intermediate.cnf intermediate.cert.pem client.key.pem
# client req
openssl req -batch -config ${.CURDIR}/intermediate.cnf -new -sha256 \
- -subj '/CN=client/O=OpenBSD/OU=So and Sos/C=CA' \
+ -subj '/CN=client/OU=So and Sos/O=OpenBSD/C=CA' \
-key client.key.pem -out client.csr.pem
# Sign client key
diff --git a/regress/lib/libcrypto/CA/intermediate.cnf b/regress/lib/libcrypto/CA/intermediate.cnf
index bbf189d2682..d0057ca13fa 100644
--- a/regress/lib/libcrypto/CA/intermediate.cnf
+++ b/regress/lib/libcrypto/CA/intermediate.cnf
@@ -1,4 +1,4 @@
-# $OpenBSD: intermediate.cnf,v 1.3 2020/12/26 00:48:56 bluhm Exp $
+# $OpenBSD: intermediate.cnf,v 1.4 2022/03/14 21:30:48 tb Exp $
# For regression tests
default_ca = CA_regress
@@ -105,6 +105,10 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
+subjectAltName = critical, @usr_san
+
+[ usr_san ]
+email.0 = evilsoandsos@test.openbsd.org
[ server_cert ]
# Extensions for server certificates (`man x509v3_config`).
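Review bot: `subjectAltName = critical, @usr_san` marks the SAN critical on certificates that also carry a non-empty subject, whereas RFC 5280 section 4.2.1.6 recommends non-critical in that case. If the flag is deliberate, so that a verifier cannot skip the rfc822Name when the new name constraints are evaluated, a comment such as `# critical on purpose: forces the email SAN to be processed against root.cnf nameConstraints` would keep it from being "fixed" later. It would also help to note next to `email.0` that the address has to stay within `permitted;email.1 = @test.openbsd.org` in root.cnf. The header of the section these lines are added to is above the hunk; from the `clientAuth, emailProtection` line it looks like the client certificate profile.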
diff --git a/regress/lib/libcrypto/CA/root.cnf b/regress/lib/libcrypto/CA/root.cnf
index 506542e943b..30a442f1361 100644
--- a/regress/lib/libcrypto/CA/root.cnf
+++ b/regress/lib/libcrypto/CA/root.cnf
@@ -1,4 +1,4 @@
-# $OpenBSD: root.cnf,v 1.3 2020/12/26 00:48:56 bluhm Exp $
+# $OpenBSD: root.cnf,v 1.4 2022/03/14 21:30:48 tb Exp $
# For regression tests
default_ca = CA_regress
@@ -95,6 +95,22 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+nameConstraints = critical, @ca_name_constraints
+
+[ ca_name_constraints ]
+permitted;DNS.0 = .openbsd.org
+permitted;DNS.1 = client
+permitted;email.0 = openbsd.org
+permitted;email.1 = @test.openbsd.org
+permitted;URI.0 = .openbsd.org
+permitted;dirName.0 = openbsd_dn
+permitted;otherName.0 = 1.3.6.1.4.1.311.20.2.3;UTF8:@openbsd.org
+excluded;IP.0 = 0.0.0.0/0.0.0.0
+excluded;IP.1 = 0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0
+
+[ openbsd_dn ]
+C = CA
+O = OpenBSD
[ usr_cert ]
# Extensions for client certificates (`man x509v3_config`).
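Review bot: The new `[ ca_name_constraints ]` section has no comments saying which test artifact each entry is there for, and two entries use spellings that RFC 5280 section 4.2.1.10 does not describe. `permitted;DNS.0 = .openbsd.org` has a leading dot, where the RFC writes DNS constraints as a bare domain, and `permitted;email.1 = @test.openbsd.org` has an empty local part, where the RFC forms are a full mailbox, a host, or `.domain`. If these are meant to cover lenient parsing, a comment such as `# non-RFC spellings kept on purpose to exercise the constraint parser` would stop a later cleanup from normalising them. `permitted;DNS.1 = client` looks as if it exists only so that the client CN passes a CN-as-hostname check, and the two `excluded;IP` entries reject every address; each deserves a one-line comment stating that intent. The section that receives `nameConstraints` begins above the hunk.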