aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2015-10-11 18:49:14 +0200
committerKim Alvefur <zash@zash.se>2015-10-11 18:49:14 +0200
commitb46b9dc13faac301799a394536a217034cb1aad0 (patch)
tree389056cc6e2f0722f49655ecdffd4e8b9dfb06b7
parent8caf3cf4120e361e27c4eff6c9ad93a59589425c (diff)
downloadprosody-b46b9dc13faac301799a394536a217034cb1aad0.tar.gz
prosody-b46b9dc13faac301799a394536a217034cb1aad0.zip
util.openssl: Separate extension sections into one for self-signed certs and one for requests
-rw-r--r--util/openssl.lua10
1 files changed, 7 insertions, 3 deletions
diff --git a/util/openssl.lua b/util/openssl.lua
index ef3fba96..39fe99d6 100644
--- a/util/openssl.lua
+++ b/util/openssl.lua
@@ -18,8 +18,8 @@ function config.new()
return setmetatable({
req = {
distinguished_name = "distinguished_name",
- req_extensions = "v3_extensions",
- x509_extensions = "v3_extensions",
+ req_extensions = "certrequest",
+ x509_extensions = "selfsigned",
prompt = "no",
},
distinguished_name = {
@@ -31,12 +31,16 @@ function config.new()
commonName = "example.com",
emailAddress = "xmpp@example.com",
},
- v3_extensions = {
+ certrequest = {
basicConstraints = "CA:FALSE",
keyUsage = "digitalSignature,keyEncipherment",
extendedKeyUsage = "serverAuth,clientAuth",
subjectAltName = "@subject_alternative_name",
},
+ selfsigned = {
+ basicConstraints = "CA:TRUE",
+ subjectAltName = "@subject_alternative_name",
+ },
subject_alternative_name = {
DNS = {},
otherName = {},