From: Kim Alvefur <zash@zash.se>
Date: Sun, 11 Oct 2015 16:49:14 +0000 (+0200)
Subject: util.openssl: Separate extension sections into one for self-signed certs and one... 
X-Git-Url: https://git.enpas.org/?a=commitdiff_plain;h=92d10b3198619b6b604091af635b165ecf2ac64a;p=prosody.git

util.openssl: Separate extension sections into one for self-signed certs and one for requests
---

diff --git a/util/openssl.lua b/util/openssl.lua
index ef3fba96..39fe99d6 100644
--- a/util/openssl.lua
+++ b/util/openssl.lua
@@ -18,8 +18,8 @@ function config.new()
 	return setmetatable({
 		req = {
 			distinguished_name = "distinguished_name",
-			req_extensions = "v3_extensions",
-			x509_extensions = "v3_extensions",
+			req_extensions = "certrequest",
+			x509_extensions = "selfsigned",
 			prompt = "no",
 		},
 		distinguished_name = {
@@ -31,12 +31,16 @@ function config.new()
 			commonName = "example.com",
 			emailAddress = "xmpp@example.com",
 		},
-		v3_extensions = {
+		certrequest = {
 			basicConstraints = "CA:FALSE",
 			keyUsage = "digitalSignature,keyEncipherment",
 			extendedKeyUsage = "serverAuth,clientAuth",
 			subjectAltName = "@subject_alternative_name",
 		},
+		selfsigned = {
+			basicConstraints = "CA:TRUE",
+			subjectAltName = "@subject_alternative_name",
+		},
 		subject_alternative_name = {
 			DNS = {},
 			otherName = {},