util.openssl: Separate extension sections into one for self-signed certs and one...

diff --git a/util/openssl.lua b/util/openssl.lua
index ef3fba9616acba5c96c78b989d4cc78a4e221171..39fe99d6abf3013112259fda1e876e8ed894ee1c 100644 (file)
--- a/util/openssl.lua
+++ b/util/openssl.lua
@@ -18,8 +18,8 @@ function config.new()
        return setmetatable({
                req = {
                        distinguished_name = "distinguished_name",
-                       req_extensions = "v3_extensions",
-                       x509_extensions = "v3_extensions",
+                       req_extensions = "certrequest",
+                       x509_extensions = "selfsigned",
                        prompt = "no",
                },
                distinguished_name = {
@@ -31,12 +31,16 @@ function config.new()
                        commonName = "example.com",
                        emailAddress = "xmpp@example.com",
                },
-               v3_extensions = {
+               certrequest = {
                        basicConstraints = "CA:FALSE",
                        keyUsage = "digitalSignature,keyEncipherment",
                        extendedKeyUsage = "serverAuth,clientAuth",
                        subjectAltName = "@subject_alternative_name",
                },
+               selfsigned = {
+                       basicConstraints = "CA:TRUE",
+                       subjectAltName = "@subject_alternative_name",
+               },
                subject_alternative_name = {
                        DNS = {},
                        otherName = {},