Add Restricted PSS certificate and key

[openssl.git] / test / certs / mkcert.sh

diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh
index 41bbe23e2dee08e5a0343f9a321f58d490a7ac83..e03b19014ea64351697a822abe3d2e033a916c3e 100755 (executable)
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@@ -233,6 +233,35 @@ genee() {
            -set_serial 2 -days "${DAYS}" "$@"
 }
 
+geneenocsr() {
+    local OPTIND=1
+    local purpose=serverAuth
+
+    while getopts p: o
+    do
+        case $o in
+        p) purpose="$OPTARG";;
+        *) echo "Usage: $0 genee [-p EKU] cn certname cakeyname cacertname" >&2
+           return 1;;
+        esac
+    done
+
+    shift $((OPTIND - 1))
+    local cn=$1; shift
+    local cert=$1; shift
+    local cakey=$1; shift
+    local ca=$1; shift
+
+    exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \
+           "subjectKeyIdentifier = hash" \
+           "authorityKeyIdentifier = keyid, issuer" \
+           "basicConstraints = CA:false" \
+           "extendedKeyUsage = $purpose" \
+           "subjectAltName = @alts" "DNS=${cn}")
+       cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
+           -set_serial 2 -days "${DAYS}" "$@"
+}
+
 genss() {
     local cn=$1; shift
     local key=$1; shift