Closed andrey-zelenkov closed 2 months ago
Could do with a
Closes: https://github.com/nginx/unit/issues/1202
commit tag...
Rebased and updated commit message:
% git range-diff e4e47795...8923ec76
-: -------- > 1: d494d2eb Wasm-wc: Bump the h2 crate from 0.4.2 to 0.4.4
-: -------- > 2: e6d8fc66 njs (lowercase) is more preferred way to mention
-: -------- > 3: 6e79da47 Docs: njs (lowercase) is more preferred way to mention
-: -------- > 4: 5f606742 Tests: added $request_uri tests with proxy
1: e4e47795 ! 5: 8923ec76 Tests: compatibility with OpenSSL 3.2.0
@@ Metadata
## Commit message ##
Tests: compatibility with OpenSSL 3.2.0
- OpenSSL 3.2.0 generates X.509v3 certificates by default. These certificates,
- even self-signed, cannot sign other certificates unless "CA:TRUE" is
- explicitly set in the basicConstraints extension. As a result, tests
- attempting this are currently failing.
+ OpenSSL 3.2.0 generates X.509v3 certificates by default. These
+ certificates, even self-signed, cannot sign other certificates unless
+ "CA:TRUE" is explicitly set in the basicConstraints extension.
+ As a result, tests attempting this are currently failing.
Fix is to provide "CA:TRUE" in the basicConstraints for self-signed root
certificates used in "openssl ca" commands.
+ Closes: https://github.com/nginx/unit/issues/1202
+ Tested-by: Andrew Clayton <a.clayton@nginx.com>
+ Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
+
## test/unit/applications/tls.py ##
@@ test/unit/applications/tls.py: subjectAltName = @alt_names
default_bits = 2048
OpenSSL 3.2.0 generates X.509v3 certificates by default. These certificates, even self-signed, cannot sign other certificates unless "CA:TRUE" is explicitly set in the basicConstraints extension. As a result, tests attempting this are currently failing.
Fix is to provide "CA:TRUE" in the basicConstraints for self-signed root certificates used in "openssl ca" commands.