Skip to content

Commit 1e40b15

Browse files
embhornembhorn
committed
Fix from review
1 parent 4d79d1e commit 1e40b15

3 files changed

Lines changed: 24 additions & 0 deletions

File tree

certs/test/cn-ip-literal.der

691 Bytes
Binary file not shown.

certs/test/cn-ip-wildcard.der

687 Bytes
Binary file not shown.

certs/test/gen-testcerts.sh

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -229,6 +229,30 @@ generate_expired_certs expired/expired-cert ../server-key.pem
229229

230230
generate_test_trusted_cert ossl-trusted-cert localhost "" 1
231231

232+
# Generate CN-IP test certs (no SAN, CN contains IP literal or wildcard)
233+
# These are simple self-signed V1 certs with only a CN field, no extensions.
234+
# Used to test peer cert verification with IP address matching in CN.
235+
generate_cn_ip_cert() {
236+
rm -f "$1".der "$1".pem
237+
238+
echo "step 1 create self-signed cert with CN=$2"
239+
openssl req -new -x509 -days 3652 -sha256 \
240+
-key ../server-key.pem \
241+
-out "$1".pem \
242+
-subj "/CN=$2"
243+
check_result $?
244+
245+
echo "step 2 make binary der version"
246+
openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der
247+
check_result $?
248+
249+
rm -f "$1".pem
250+
}
251+
252+
generate_cn_ip_cert cn-ip-literal 127.0.0.1
253+
generate_cn_ip_cert cn-ip-wildcard "*.0.0.1"
254+
255+
232256
# Note on certs/empty-issuer-cert.pem:
233257
# OpenSSL did not like to generate this certificate with an empty CN in the
234258
# conf file.

0 commit comments

Comments
 (0)