From: Joni Hahkala
Date: Wed, 30 Sep 2009 15:05:47 +0000 (+0000)
Subject: add altname cert generation
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=ef6a98ca0e6187f30161e83d082b62ad810d7f50;p=glite-security-test-utils.git
add altname cert generation
---
diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh
index 93cae53..cb5ab9a 100755
--- a/bin/generate-test-certificates.sh
+++ b/bin/generate-test-certificates.sh
@@ -74,7 +74,7 @@ function create_cert {
 esac
 case $flags in
- client|server|clientserver|fclient|none)
+ client|server|clientserver|fclient|none|altname)
 echo "Generating a $flags certificate"
 echo $CA_DIR
 CMD="openssl ca -in $filebase.req -out $filebase.cert -outdir $tmpdir \
@@ -608,6 +608,21 @@ function create_all {
 create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" 1 proxy
 create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ TYPE="altname"
+ CTYPE="altname"
+
+ create_cert $CERT_DIR/${catype}_${TYPE} "$catype/xxx.foo.bar" ${TYPE} $DAYS
+
+ TYPE="altname"
+ CTYPE="altname2"
+
+ create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS
+
+ TYPE="server"
+ CTYPE="server2"
+
+ create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS
+
 TYPE="clientserver"
 CTYPE="clientserver"
@@ -840,6 +855,7 @@ for catype in $CATYPES; do
 export REQ_CONFIG_FILE_SERIAL=$CA_DIR/req_conf_sn.cnf
 export REQ_CONFIG_FILE_EMAIL=$CA_DIR/req_conf_email.cnf
 export REQ_CONFIG_FILE_UID=$CA_DIR/req_conf_uid.cnf
+ export REQ_CONFIG_FILE_ALTNAME=$CA_DIR/req_conf_altname.cnf
 export REQ_PROXY_CONFIG_FILE=$CA_DIR/req_proxy_conf.cnf
 export REQ_PROXY_PROXY_CONFIG_FILE=$CA_DIR/req_proxy_proxy_conf.cnf
 export PROXY_BITS=512
diff --git a/test/trusted-ca/ca_conf.cnf b/test/trusted-ca/ca_conf.cnf
index cc85df0..ae6294c 100644
--- a/test/trusted-ca/ca_conf.cnf
+++ b/test/trusted-ca/ca_conf.cnf
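Review bot: The `altname` value accepted by this case arm can only work if the configuration that `openssl ca` runs with has a matching `[ ca_altname ]` section, and this commit adds that section to `test/trusted-ca/ca_conf.cnf` only. The `CMD=` string continues past the end of the hunk, so how `$flags` reaches the command (presumably as the extensions section name) is inferred rather than visible; if other `$catype` values use their own CA config, they need the section as well. A comment above the arm such as `# altname: requires the [ ca_altname ] section in the CA's ca_conf.cnf` would make the coupling explicit. create_cert starts and ends outside the hunk.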
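Review bot: `CTYPE` is set in all three added blocks (`altname`, `altname2`, `server2`) but none of the added `create_cert` calls passes it; they use literal subjects instead of the `"$catype ${CTYPE}"` form of the calls just above, so unless create_cert reads the global the assignments are dead and should be dropped or used. The blocks also lack a comment saying what each fixture is meant to exercise, which matters because they look like hostname-verification cases: `altname` has CN `$catype/xxx.foo.bar`, while `altname2` and `server2` share CN `xxx.foo.bar` and differ only in the extension section. I would add one line per block stating the expected verifier result, for example `# server2: same CN as altname2 but issued from the server section, for comparison with the SAN case`. The new expansions `$CERT_DIR/${catype}_${TYPE}2` and `$DAYS` are unquoted like the surrounding code and would split if `CERT_DIR` contained whitespace. create_all continues outside the hunk.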
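Review bot: `REQ_CONFIG_FILE_ALTNAME` points at `$CA_DIR/req_conf_altname.cnf`, but this commit neither adds that file nor shows any code that reads the variable; the diff touches only the script and `ca_conf.cnf`. If the file is generated elsewhere in the script that is fine, otherwise the first consumer will fail on a missing request config. Since the subjectAltName in this commit comes from the CA extension section rather than from the request, a comment should say which of the two is authoritative; if the variable really has no reader yet, something like `# reserved: altname certs currently take their SAN from [ ca_altname ] in ca_conf.cnf` would do. The enclosing `for catype in $CATYPES` loop starts and ends outside the hunk.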
@@ -35,6 +35,15 @@ nsComment = "OpenSSL Generated Server Certificate"
 # For an object signing certificate this would be used.
 # nsCertType = objsign
+[ ca_altname ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
+
 [ ca_client ]
 # For normal client use this is typical
 nsCertType = client, email
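Review bot: The `subjectAltName` list is fixed in the CA extension section, so every certificate issued with the `altname` flag carries the same names whatever its subject, and nothing in the section says which entries a verifier is expected to accept and which to refuse. `DNS:g*a.e*.com` puts a wildcard in a label other than the left-most one (`e*`), which RFC 6125 says clients should not match, and the CN the script uses (`xxx.foo.bar`) is not in the list, so a verifier that correctly ignores CN when dNSName entries are present should reject that host. A comment above the line listing the expected result per entry, for example `# test fixture for hostname checks: g*a.e*.com is a deliberately malformed wildcard`, would keep the section from being copied as a template. The names and the address `123.124.220.1` are not from reserved documentation ranges; reserved ones such as `*.example.org` and `192.0.2.1` would be safer should this test CA ever end up in a trust store, at the cost of updating the tests that depend on them. The two copied `objsign` comment lines serve no purpose in this section and can be dropped.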