diff options
author | Kim Alvefur <zash@zash.se> | 2015-10-11 18:49:14 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2015-10-11 18:49:14 +0200 |
commit | 0dfbace5560dc05a5ddbdb89819efdc9ae9ae0e3 (patch) | |
tree | 389056cc6e2f0722f49655ecdffd4e8b9dfb06b7 /util | |
parent | b7b28af321e349cac16f2a9709fe9d618d5d8bf0 (diff) | |
download | prosody-0dfbace5560dc05a5ddbdb89819efdc9ae9ae0e3.tar.gz prosody-0dfbace5560dc05a5ddbdb89819efdc9ae9ae0e3.zip |
util.openssl: Separate extension sections into one for self-signed certs and one for requests
Diffstat (limited to 'util')
-rw-r--r-- | util/openssl.lua | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/util/openssl.lua b/util/openssl.lua index ef3fba96..39fe99d6 100644 --- a/util/openssl.lua +++ b/util/openssl.lua @@ -18,8 +18,8 @@ function config.new() return setmetatable({ req = { distinguished_name = "distinguished_name", - req_extensions = "v3_extensions", - x509_extensions = "v3_extensions", + req_extensions = "certrequest", + x509_extensions = "selfsigned", prompt = "no", }, distinguished_name = { @@ -31,12 +31,16 @@ function config.new() commonName = "example.com", emailAddress = "xmpp@example.com", }, - v3_extensions = { + certrequest = { basicConstraints = "CA:FALSE", keyUsage = "digitalSignature,keyEncipherment", extendedKeyUsage = "serverAuth,clientAuth", subjectAltName = "@subject_alternative_name", }, + selfsigned = { + basicConstraints = "CA:TRUE", + subjectAltName = "@subject_alternative_name", + }, subject_alternative_name = { DNS = {}, otherName = {}, |