From dd189f46b9e43392b842c4309c95dc7e71963261 Mon Sep 17 00:00:00 2001

From: Greg Hudson <ghudson@mit.edu>

Date: Thu, 5 Oct 2017 12:54:13 -0400

Subject: [PATCH] Add test cert with no extensions

Add commands to make-certs.sh to generate a test client certificate

with no certificate extensions.  Re-run make-certs.sh.

ticket: 8562

(cherry-picked from commit 0d23835660ab131d244d395e4568969b5c0dc678)

[rharwood@redhat.com: only backport the make-certs.sh changes]

---

 src/tests/dejagnu/pkinit-certs/make-certs.sh | 9 +++++++++

 1 file changed, 9 insertions(+)

diff --git a/src/tests/dejagnu/pkinit-certs/make-certs.sh b/src/tests/dejagnu/pkinit-certs/make-certs.sh

index 0d8c2019a..23426af8a 100755

--- a/src/tests/dejagnu/pkinit-certs/make-certs.sh

+++ b/src/tests/dejagnu/pkinit-certs/make-certs.sh

@@ -163,5 +163,14 @@ SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn3_client \

 openssl pkcs12 -export -in user-upn3.pem -inkey privkey.pem \

      -out user-upn3.p12 -passout pass:

+# Generate a client certificate and PKCS#12 bundle with no PKINIT extensions.

+SUBJECT=user openssl req -config openssl.cnf -new -subj /CN=user \

+    -key privkey.pem -out generic.csr

+SUBJECT=user openssl x509 -set_serial 7 -days $DAYS -req -CA ca.pem \

+    -CAkey privkey.pem -out generic.pem -in generic.csr

+openssl pkcs12 -export -in generic.pem -inkey privkey.pem -out generic.p12 \

+    -passout pass:

+

 # Clean up.

 rm -f openssl.cnf kdc.csr user.csr user-upn.csr user-upn2.csr user-upn3.csr

+rm -f generic.csr