mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-11-04 10:21:36 +01:00
41 lines
1.5 KiB
Diff
41 lines
1.5 KiB
Diff
Patch-Source: https://github.com/nginx/unit/commit/a625a0b1f0d822b3224b7b29565fe9733b634afd
|
|
From a625a0b1f0d822b3224b7b29565fe9733b634afd Mon Sep 17 00:00:00 2001
|
|
From: Andrei Zeliankou <zelenkov@nginx.com>
|
|
Date: Mon, 8 Apr 2024 02:18:37 +0100
|
|
Subject: [PATCH] Tests: compatibility with OpenSSL 3.2.0
|
|
|
|
OpenSSL 3.2.0 generates X.509v3 certificates by default. These
|
|
certificates, even self-signed, cannot sign other certificates unless
|
|
"CA:TRUE" is explicitly set in the basicConstraints extension.
|
|
As a result, tests attempting this are currently failing.
|
|
|
|
Fix is to provide "CA:TRUE" in the basicConstraints for self-signed root
|
|
certificates used in "openssl ca" commands.
|
|
|
|
Closes: https://github.com/nginx/unit/issues/1202
|
|
Tested-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
|
|
---
|
|
test/unit/applications/tls.py | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/test/unit/applications/tls.py b/test/unit/applications/tls.py
|
|
index 75354dd91..b48293be6 100644
|
|
--- a/test/unit/applications/tls.py
|
|
+++ b/test/unit/applications/tls.py
|
|
@@ -85,9 +85,13 @@ def openssl_conf(self, rewrite=False, alt_names=None):
|
|
default_bits = 2048
|
|
encrypt_key = no
|
|
distinguished_name = req_distinguished_name
|
|
+x509_extensions = myca_extensions
|
|
|
|
{a_sec if alt_names else ""}
|
|
-[ req_distinguished_name ]'''
|
|
+[ req_distinguished_name ]
|
|
+
|
|
+[ myca_extensions ]
|
|
+basicConstraints = critical,CA:TRUE'''
|
|
)
|
|
|
|
def load(self, script, name=None):
|