1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
|
Description: New ruby-certificate-authority fails tests unless proper x509v3 extension is added for client certs
Author: Micah Anderson <micah@debian.org>
Forwarded: Yes
Last-Update: 2016-12-05
Index: reel/spec/support/create_certs.rb
===================================================================
--- reel.orig/spec/support/create_certs.rb 2017-01-09 11:41:36.449332154 -0500
+++ reel/spec/support/create_certs.rb 2017-01-09 11:42:12.536548234 -0500
@@ -48,7 +48,10 @@
client_cert.serial_number.number = 1
client_cert.key_material.generate_key
client_cert.parent = ca
-client_cert.sign!
+
+client_cert.sign! 'extensions' => { 'keyUsage' => { 'usage' => %w(digitalSignature) },
+ 'extendedKeyUsage' => { 'usage' => %w(serverAuth clientAuth) }
+ }
client_cert_path = File.join(certs_dir, 'client.crt')
client_key_path = File.join(certs_dir, 'client.key')
|