From 0168f18229402b299a3fb3bb6fe3edb8e3ffa7fc Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Tue, 3 Nov 2020 20:01:08 +0100
Subject: added chain processing with intermediate certificates

Basic test chains can be generated manually with openssl, see details in server/testdata/x509/README.md.
---
server/testdata/x509/ca.conf | 59 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 server/testdata/x509/ca.conf
(limited to 'server/testdata/x509/ca.conf')
diff --git a/server/testdata/x509/ca.conf b/server/testdata/x509/ca.conf
new file mode 100644
index 0000000..7889331
--- /dev/null
+++ b/server/testdata/x509/ca.conf
@@ -0,0 +1,59 @@
+[ca]
+default_ca = ca_settings
+
+[ ca_settings ]
+dir = .
+certs = $dir
+crl_dir = $dir
+new_certs_dir = $dir
+database = $dir/index
+serial = $dir/serial
+
+private_key = $dir/root.key
+certificate = $dir/root.pem
+
+policy = ca_policy
+
+[ ca_policy ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# Options for the `req` tool, `man req`
+[ req ]
+distinguished_name = req_distinguished_name
+
+# Extensions for a typical CA, see `man x509v3_config`
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, keyCertSign
+
+# Extensions for a typical intermediate CA, see `man x509v3_config`
+[ v3_intermediate_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, keyCertSign
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+countryName_default = NA
+stateOrProvinceName_default = NA
+localityName_default = NA
+0.organizationName_default = NA
+organizationalUnitName_default = NA
+emailAddress_default = NA
+commonName_default = stfe testdata
-- cgit v1.2.3
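Review bot: The new file defines extension profiles for the root (`[ v3_ca ]`) and the intermediate (`[ v3_intermediate_ca ]`) but none for end-entity certificates, so a leaf signed with this config gets its extensions only from whatever the command line supplies. An explicit leaf profile with `CA:false` would make the test chains self-describing and make it easy to build a negative chain in which a non-CA certificate appears as an issuer, which chain processing should reject. Separately, `[ ca_settings ]` sets no `default_days` or `default_md`, so validity and digest depend on the `openssl ca` invocation, presumably the one in README.md, which is not visible here. The section name in the sketch below is only a suggestion.

```ini
# … unchanged: [ca], [ ca_settings ], [ ca_policy ], [ req ], [ v3_ca ], [ v3_intermediate_ca ] …

# Extensions for an end-entity (leaf) certificate, see `man x509v3_config`
[ v3_leaf ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature

# … unchanged: [ req_distinguished_name ] and its defaults …
```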