aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2015-10-11 18:49:14 +0200
committerKim Alvefur <zash@zash.se>2015-10-11 18:49:14 +0200
commit99cee90a446f24ae0b01cb029ec9a3cd241ad306 (patch)
tree389056cc6e2f0722f49655ecdffd4e8b9dfb06b7
parent60ca835146d1b3857be9a82579907afe5449556e (diff)
downloadprosody-99cee90a446f24ae0b01cb029ec9a3cd241ad306.tar.gz
prosody-99cee90a446f24ae0b01cb029ec9a3cd241ad306.zip
util.openssl: Separate extension sections into one for self-signed certs and one for requests
-rw-r--r--util/openssl.lua10
1 files changed, 7 insertions, 3 deletions
diff --git a/util/openssl.lua b/util/openssl.lua
index ef3fba96..39fe99d6 100644
--- a/util/openssl.lua
+++ b/util/openssl.lua
@@ -18,8 +18,8 @@ function config.new()
return setmetatable({
req = {
distinguished_name = "distinguished_name",
- req_extensions = "v3_extensions",
- x509_extensions = "v3_extensions",
+ req_extensions = "certrequest",
+ x509_extensions = "selfsigned",
prompt = "no",
},
distinguished_name = {
@@ -31,12 +31,16 @@ function config.new()
commonName = "example.com",
emailAddress = "xmpp@example.com",
},
- v3_extensions = {
+ certrequest = {
basicConstraints = "CA:FALSE",
keyUsage = "digitalSignature,keyEncipherment",
extendedKeyUsage = "serverAuth,clientAuth",
subjectAltName = "@subject_alternative_name",
},
+ selfsigned = {
+ basicConstraints = "CA:TRUE",
+ subjectAltName = "@subject_alternative_name",
+ },
subject_alternative_name = {
DNS = {},
otherName = {},