From 728d567d1c7445e89edad046d8aac5344143d51d Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 5 Oct 2017 12:54:13 -0400
Subject: [PATCH] Add test cert with no extensions

Add commands to make-certs.sh to generate a test client certificate
with no certificate extensions.  Re-run make-certs.sh.

ticket: 8562
(cherry-picked from commit 0d23835660ab131d244d395e4568969b5c0dc678)
[rharwood@redhat.com: only backport the make-certs.sh changes]
---
 src/tests/dejagnu/pkinit-certs/make-certs.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/tests/dejagnu/pkinit-certs/make-certs.sh b/src/tests/dejagnu/pkinit-certs/make-certs.sh
index 0d8c2019a..23426af8a 100755
--- a/src/tests/dejagnu/pkinit-certs/make-certs.sh
+++ b/src/tests/dejagnu/pkinit-certs/make-certs.sh
@@ -163,5 +163,14 @@ SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn3_client \
 openssl pkcs12 -export -in user-upn3.pem -inkey privkey.pem \
      -out user-upn3.p12 -passout pass:
 
+# Generate a client certificate and PKCS#12 bundle with no PKINIT extensions.
+SUBJECT=user openssl req -config openssl.cnf -new -subj /CN=user \
+    -key privkey.pem -out generic.csr
+SUBJECT=user openssl x509 -set_serial 7 -days $DAYS -req -CA ca.pem \
+    -CAkey privkey.pem -out generic.pem -in generic.csr
+openssl pkcs12 -export -in generic.pem -inkey privkey.pem -out generic.p12 \
+    -passout pass:
+
 # Clean up.
 rm -f openssl.cnf kdc.csr user.csr user-upn.csr user-upn2.csr user-upn3.csr
+rm -f generic.csr