author | Dmitry Belyavskiy <beldmit@gmail.com> | 2022-09-25 11:39:55 +0200 |
---|---|---|
committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2022-09-25 11:39:55 +0200 |
commit | a6b90523e4ea6010b1109b0bae7e2a73b5b025c5 (patch) | |
tree | 1c9f5bafd3feb7d13cf110eca0e7252821c4ffe5 /tcl_tests | |
parent | bd6c4f8c5c8a087ce0ea65c3dc5ee38b38b8802c (diff) | |
updating CA constraints
Diffstat (limited to 'tcl_tests')
-rw-r--r-- | tcl_tests/ossltest.tcl | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/tcl_tests/ossltest.tcl b/tcl_tests/ossltest.tcl
index 792c071..ed657d6 100644
--- a/tcl_tests/ossltest.tcl
+++ b/tcl_tests/ossltest.tcl
@@ -220,11 +220,33 @@ CN=Test CA $algor_with_par
 O=Cryptocom
 OU=OpenSSL CA
 emailAddress = openssl@cryptocom.ru
+\[ v3_ca \]
+# Extensions for a typical CA
+# PKIX recommendation.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+basicConstraints = critical,CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
 "
 file mkdir $CAname/private
 file mkdir $CAname/newcerts
 generate_key [keygen_params $algor_with_par] $CAname/private/cakey.pem
- openssl "req -new -x509 -key $CAname/private/cakey.pem -nodes -out $CAname/cacert.pem -config $CAname/req.conf -set_serial 0x11E"
+ openssl "req -new -x509 -key $CAname/private/cakey.pem -nodes -out $CAname/cacert.pem -config $CAname/req.conf -reqexts v3_ca -set_serial 0x11E"
 makeFile ./$CAname/.rand 1234567890
 makeFile ./$CAname/serial 011E
 makeFile ./$CAname/index.txt "" |
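Review bot: On the changed `openssl "req -new -x509 ..."` line, `-reqexts v3_ca` may not be the option that puts the new `[ v3_ca ]` section into the self-signed certificate on every OpenSSL release. As far as I recall, older releases use `-reqexts` only for request extensions and take the `-x509` certificate extensions from `-extensions` or `x509_extensions`; this should be confirmed against the versions the test suite targets. If the option is ignored, the test CA is still created but without `basicConstraints = critical,CA:true`, and nothing visible in this hunk would catch that. I would write `-extensions v3_ca` here and add a check after generation that the output of `openssl "x509 -in $CAname/cacert.pem -noout -text"` contains `CA:TRUE`. The enclosing proc starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.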