diff options
author | Kim Alvefur <zash@zash.se> | 2015-10-11 18:49:14 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2015-10-11 18:49:14 +0200 |
commit | b46b9dc13faac301799a394536a217034cb1aad0 (patch) | |
tree | 389056cc6e2f0722f49655ecdffd4e8b9dfb06b7 | |
parent | 8caf3cf4120e361e27c4eff6c9ad93a59589425c (diff) | |
download | prosody-b46b9dc13faac301799a394536a217034cb1aad0.tar.gz prosody-b46b9dc13faac301799a394536a217034cb1aad0.zip |
util.openssl: Separate extension sections into one for self-signed certs and one for requests
-rw-r--r-- | util/openssl.lua | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/util/openssl.lua b/util/openssl.lua index ef3fba96..39fe99d6 100644 --- a/util/openssl.lua +++ b/util/openssl.lua @@ -18,8 +18,8 @@ function config.new() return setmetatable({ req = { distinguished_name = "distinguished_name", - req_extensions = "v3_extensions", - x509_extensions = "v3_extensions", + req_extensions = "certrequest", + x509_extensions = "selfsigned", prompt = "no", }, distinguished_name = { @@ -31,12 +31,16 @@ function config.new() commonName = "example.com", emailAddress = "xmpp@example.com", }, - v3_extensions = { + certrequest = { basicConstraints = "CA:FALSE", keyUsage = "digitalSignature,keyEncipherment", extendedKeyUsage = "serverAuth,clientAuth", subjectAltName = "@subject_alternative_name", }, + selfsigned = { + basicConstraints = "CA:TRUE", + subjectAltName = "@subject_alternative_name", + }, subject_alternative_name = { DNS = {}, otherName = {}, |