Posted to test-commits@perl.apache.org by kb...@apache.org on 2015/09/27 15:14:19 UTC

svn commit: r1705536 - /perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm

Author: kbrand
Date: Sun Sep 27 13:14:19 2015
New Revision: 1705536

URL: http://svn.apache.org/viewvc?rev=1705536&view=rev
Log:
add (limited) checks for subjectAltName variables (*_SAN_*_n)

Modified:
    perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm

Modified: perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm
URL: http://svn.apache.org/viewvc/perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm?rev=1705536&r1=1705535&r2=1705536&view=diff
==============================================================================
--- perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm (original)
+++ perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm Sun Sep 27 13:14:19 2015
@@ -53,6 +53,10 @@ my $pass    = 'httpd';
 my $passin  = "-passin pass:$pass";
 my $passout = "-passout pass:$pass";
 
+# (limited) subjectAltName otherName testing
+my $san_msupn  = ', otherName:msUPN;UTF8:$mail';
+my $san_dnssrv = ', otherName:1.3.6.1.5.5.7.8.7;IA5:_https.$CN';
+
 # in 0.9.7 s/Email/emailAddress/ in DN
 my $email_field = Apache::Test::normalize_vstring($version) <
                   Apache::Test::normalize_vstring("0.9.7") ?
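Review bot: The single quotes on `$san_msupn` and `$san_dnssrv` are load-bearing and undocumented: they keep `$mail` and `$CN` away from Perl so that openssl expands them from the generated config, and a later change to double quotes would make Perl try to interpolate them instead. I would put `# single-quoted on purpose: $mail and $CN are openssl config variables (expanded by openssl, not Perl)` above the two assignments, and note there that each string starts with `, ` because it is appended to an existing subjectAltName entry. The `\$CN` and `\$mail` escapes in the config_file heredoc (hunks at -227 and -261) rely on the same convention and would benefit from the same one-line comment. The `my $email_field` statement at the end of this hunk continues outside it.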
@@ -62,6 +66,8 @@ my $email_field = Apache::Test::normaliz
 if (Apache::Test::normalize_vstring($version) <
     Apache::Test::normalize_vstring("0.9.8")) {
     $dgst = 'sha1';
+    # otherNames in x509v3_config are not supported either
+    $san_msupn = $san_dnssrv = "";
 }
 
 my $ca_dn = {
@@ -214,6 +220,9 @@ sub config_file {
     writefile($db, '', 1);
 
     writefile($file, <<EOF);
+mail                   = $dn->{$email_field}
+CN                     = $dn->{CN}
+
 [ req ]
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes
@@ -227,8 +236,8 @@ ST                     = $dn->{ST}
 L                      = $dn->{L}
 O                      = $dn->{O}
 OU                     = $dn->{OU}
-CN                     = $dn->{CN}
-$email_field           = $dn->{$email_field}
+CN                     = \$CN
+$email_field           = \$mail
 
 [ req_attributes ]
 challengePassword      = $pass
@@ -261,10 +270,13 @@ organizationalUnitName  = optional
 commonName              = supplied
 $email_field            = optional
 
-[ comment ]
+[ client_ok_ext ]
 nsComment = This Is A Comment
 1.3.6.1.4.1.18060.12.0 = DER:0c064c656d6f6e73
+subjectAltName = email:\$mail$san_msupn
 
+[ server_ext ]
+subjectAltName = DNS:\$CN$san_dnssrv
 EOF
 
     return $file;
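Review bot: Both new `subjectAltName` lines take `$CN` and `$mail` verbatim from the DN, and a subjectAltName value is a comma-separated list, so a comma in either value would be parsed by openssl as a further name entry rather than as part of the CN or address. The DN hashes are defined outside this hunk, so whether any current value contains a comma cannot be checked from here. A guard before the heredoc would make the assumption explicit: `die "CN/mail must not contain ','\n" if grep { defined($_) && /,/ } $dn->{CN}, $dn->{$email_field};`. `DNS:$CN` additionally assumes that every certificate signed with `server_ext` has a hostname as its CN, which is worth stating in a `#` comment above `[ server_ext ]`. config_file begins above this hunk and its closing brace is below it.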
@@ -336,7 +348,9 @@ sub sign_cert {
     my $name = shift;
     my $exts = '';
 
-    $exts = ' -extensions comment' if $name =~ /client_ok/;
+    $exts = ' -extensions client_ok_ext' if $name =~ /client_ok/;
+
+    $exts = ' -extensions server_ext' if $name =~ /server/;
 
     openssl ca => "$capolicy -in csr/$name.csr -out certs/$name.crt",
                   $passin, config($name), '-batch', $exts;
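Review bot: `$name =~ /server/` is an unanchored substring test written as a second, independent assignment, so any certificate whose name merely contains "server" is signed with `server_ext`, and a name matching both patterns silently loses `client_ok_ext`. The list of certificate names is outside this hunk, so this may be harmless today, but the choice of extension section decides which subjectAltName ends up in the certificate and should not depend on statement order. I would make the branches exclusive and anchor the match, with whichever precedence is intended: `if ($name =~ /client_ok/) { $exts = ' -extensions client_ok_ext' }` followed by `elsif ($name =~ /\Aserver/) { $exts = ' -extensions server_ext' }`. sign_cert starts and ends outside the hunk.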