[COMMIT seastar master] test cmake: Generate test certs with subject alt names included
0 views
Skip to first unread message
Commit Bot
<bot@cloudius-systems.com>May 11, 2023, 4:15:48 PMMay 11
to seastar-dev@googlegroups.com, Calle Wilund
From: Calle Wilund <ca...@scylladb.com>
Committer: Calle Wilund <ca...@scylladb.com>
Branch: master
test cmake: Generate test certs with subject alt names included
---
diff --git a/tests/unit/CMakeLists.txt b/tests/unit/CMakeLists.txt
--- a/tests/unit/CMakeLists.txt
+++ b/tests/unit/CMakeLists.txt
@@ -488,6 +488,18 @@ function(seastar_add_certgen name)
if (NOT CERT_EMAIL)
set(CERT_EMAIL postmaster@${CERT_DOMAIN})
endif()
+ if (NOT CERT_ALT_EMAIL_1)
+ set(CERT_ALT_EMAIL_1 alt1@${CERT_DOMAIN})
+ endif()
+ if (NOT CERT_ALT_EMAIL_2)
+ set(CERT_ALT_EMAIL_2 alt2@${CERT_DOMAIN})
+ endif()
+ if (NOT CERT_ALT_IP_1)
+ set(CERT_ALT_IP_1 127.0.0.1)
+ endif()
+ if (NOT CERT_ALT_DNS)
+ set(CERT_ALT_DNS ${CERT_COMMON})
+ endif()
if (NOT CERT_WIDTH)
set(CERT_WIDTH 4096)
endif()
@@ -520,7 +532,7 @@ function(seastar_add_certgen name)
)
add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/${CERT_REQ}"
COMMAND ${OPENSSL} req -new -key ${CERT_PRIVKEY} -out ${CERT_REQ} -config ${CERT_NAME}.cfg
- DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_PRIVKEY}"
+ DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_PRIVKEY}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_NAME}.cfg"
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)
@@ -530,13 +542,14 @@ function(seastar_add_certgen name)
)
add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAROOT}"
COMMAND ${OPENSSL} req -x509 -new -nodes -key ${CERT_CAPRIVKEY} -days ${CERT_DAYS} -config ${CERT_NAME}.cfg -out ${CERT_CAROOT}
- DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAPRIVKEY}"
+ DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAPRIVKEY}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_NAME}.cfg"
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)
+
add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CERT}"
- COMMAND ${OPENSSL} x509 -req -in ${CERT_REQ} -CA ${CERT_CAROOT} -CAkey ${CERT_CAPRIVKEY} -CAcreateserial -out ${CERT_CERT} -days ${CERT_DAYS}
- DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_REQ}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAROOT}"
+ COMMAND ${OPENSSL} x509 -req -in ${CERT_REQ} -CA ${CERT_CAROOT} -CAkey ${CERT_CAPRIVKEY} -CAcreateserial -out ${CERT_CERT} -days ${CERT_DAYS} -extensions req_ext -extfile ${CERT_NAME}.cfg
+ DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_REQ}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAROOT}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_NAME}.cfg"
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)
diff --git a/tests/unit/cert.cfg.in b/tests/unit/cert.cfg.in
--- a/tests/unit/cert.cfg.in
+++ b/tests/unit/cert.cfg.in
@@ -21,3 +21,6 @@ basicConstraints = CA:true
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[req_ext]
+subjectAltName=email:@CERT_ALT_EMAIL_1@,email:@CERT_ALT_EMAIL_2@,IP:@CERT_ALT_IP_1@,DNS:@CERT_ALT_DNS@
Committer: Calle Wilund <ca...@scylladb.com>
Branch: master
test cmake: Generate test certs with subject alt names included
---
diff --git a/tests/unit/CMakeLists.txt b/tests/unit/CMakeLists.txt
--- a/tests/unit/CMakeLists.txt
+++ b/tests/unit/CMakeLists.txt
@@ -488,6 +488,18 @@ function(seastar_add_certgen name)
if (NOT CERT_EMAIL)
set(CERT_EMAIL postmaster@${CERT_DOMAIN})
endif()
+ if (NOT CERT_ALT_EMAIL_1)
+ set(CERT_ALT_EMAIL_1 alt1@${CERT_DOMAIN})
+ endif()
+ if (NOT CERT_ALT_EMAIL_2)
+ set(CERT_ALT_EMAIL_2 alt2@${CERT_DOMAIN})
+ endif()
+ if (NOT CERT_ALT_IP_1)
+ set(CERT_ALT_IP_1 127.0.0.1)
+ endif()
+ if (NOT CERT_ALT_DNS)
+ set(CERT_ALT_DNS ${CERT_COMMON})
+ endif()
if (NOT CERT_WIDTH)
set(CERT_WIDTH 4096)
endif()
@@ -520,7 +532,7 @@ function(seastar_add_certgen name)
)
add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/${CERT_REQ}"
COMMAND ${OPENSSL} req -new -key ${CERT_PRIVKEY} -out ${CERT_REQ} -config ${CERT_NAME}.cfg
- DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_PRIVKEY}"
+ DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_PRIVKEY}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_NAME}.cfg"
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)
@@ -530,13 +542,14 @@ function(seastar_add_certgen name)
)
add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAROOT}"
COMMAND ${OPENSSL} req -x509 -new -nodes -key ${CERT_CAPRIVKEY} -days ${CERT_DAYS} -config ${CERT_NAME}.cfg -out ${CERT_CAROOT}
- DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAPRIVKEY}"
+ DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAPRIVKEY}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_NAME}.cfg"
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)
+
add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CERT}"
- COMMAND ${OPENSSL} x509 -req -in ${CERT_REQ} -CA ${CERT_CAROOT} -CAkey ${CERT_CAPRIVKEY} -CAcreateserial -out ${CERT_CERT} -days ${CERT_DAYS}
- DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_REQ}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAROOT}"
+ COMMAND ${OPENSSL} x509 -req -in ${CERT_REQ} -CA ${CERT_CAROOT} -CAkey ${CERT_CAPRIVKEY} -CAcreateserial -out ${CERT_CERT} -days ${CERT_DAYS} -extensions req_ext -extfile ${CERT_NAME}.cfg
+ DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${CERT_REQ}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_CAROOT}" "${CMAKE_CURRENT_BINARY_DIR}/${CERT_NAME}.cfg"
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)
diff --git a/tests/unit/cert.cfg.in b/tests/unit/cert.cfg.in
--- a/tests/unit/cert.cfg.in
+++ b/tests/unit/cert.cfg.in
@@ -21,3 +21,6 @@ basicConstraints = CA:true
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[req_ext]
+subjectAltName=email:@CERT_ALT_EMAIL_1@,email:@CERT_ALT_EMAIL_2@,IP:@CERT_ALT_IP_1@,DNS:@CERT_ALT_DNS@
Reply all
Reply to author
Forward
0 new messages