[COMMIT seastar master] test cmake: Generate test certs with subject alt names included

0 views
Skip to first unread message

Commit Bot

<bot@cloudius-systems.com>
unread,
May 11, 2023, 4:15:48 PM5/11/23
to seastar-dev@googlegroups.com, Calle Wilund
From: Calle Wilund <ca...@scylladb.com>
Committer: Calle Wilund <ca...@scylladb.com>
Branch: master

test cmake: Generate test certs with subject alt names included

---
diff --git a/tests/unit/CMakeLists.txt b/tests/unit/CMakeLists.txt
--- a/tests/unit/CMakeLists.txt
+++ b/tests/unit/CMakeLists.txt
@@ -488,6 +488,18 @@ function(seastar_add_certgen name)
if (NOT CERT_EMAIL)
set(CERT_EMAIL postmaster@${CERT_DOMAIN})
endif()
+ if (NOT CERT_ALT_EMAIL_1)
+ set(CERT_ALT_EMAIL_1 alt1@${CERT_DOMAIN})
+ endif()
+ if (NOT CERT_ALT_EMAIL_2)
+ set(CERT_ALT_EMAIL_2 alt2@${CERT_DOMAIN})
+ endif()
+ if (NOT CERT_ALT_IP_1)
+ set(CERT_ALT_IP_1 127.0.0.1)
+ endif()
+ if (NOT CERT_ALT_DNS)
+ set(CERT_ALT_DNS ${CERT_COMMON})
+ endif()
if (NOT CERT_WIDTH)
set(CERT_WIDTH 4096)
endif()
@@ -520,7 +532,7 @@ function(seastar_add_certgen name)
)
add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/${CERT_REQ}"
COMMAND ${OPENSSL} req -new -key ${CERT_PRIVKEY} -out ${CERT_REQ} -config ${CERT_NAME}.cfg
- DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_PRIVKEY}"
+ DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_PRIVKEY}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_NAME}.cfg"
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)

@@ -530,13 +542,14 @@ function(seastar_add_certgen name)
)
add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAROOT}"
COMMAND ${OPENSSL} req -x509 -new -nodes -key ${CERT_CAPRIVKEY} -days ${CERT_DAYS} -config ${CERT_NAME}.cfg -out ${CERT_CAROOT}
- DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAPRIVKEY}"
+ DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAPRIVKEY}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_NAME}.cfg"
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)

+
add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CERT}"
- COMMAND ${OPENSSL} x509 -req -in ${CERT_REQ} -CA ${CERT_CAROOT} -CAkey ${CERT_CAPRIVKEY} -CAcreateserial -out ${CERT_CERT} -days ${CERT_DAYS}
- DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_REQ}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAROOT}"
+ COMMAND ${OPENSSL} x509 -req -in ${CERT_REQ} -CA ${CERT_CAROOT} -CAkey ${CERT_CAPRIVKEY} -CAcreateserial -out ${CERT_CERT} -days ${CERT_DAYS} -extensions req_ext -extfile ${CERT_NAME}.cfg
+ DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_REQ}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAROOT}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_NAME}.cfg"
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)

diff --git a/tests/unit/cert.cfg.in b/tests/unit/cert.cfg.in
--- a/tests/unit/cert.cfg.in
+++ b/tests/unit/cert.cfg.in
@@ -21,3 +21,6 @@ basicConstraints = CA:true
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[req_ext]
+subjectAltName=email:@CERT_ALT_EMAIL_1@,email:@CERT_ALT_EMAIL_2@,IP:@CERT_ALT_IP_1@,DNS:@CERT_ALT_DNS@
Reply all
Reply to author
Forward
0 new messages