Comparison

util.openssl: Separate extension sections into one for self-signed certs and one for requests

comparison

equal deleted inserted replaced

-:6dae43341b44
+:d2d7ad2563f9
 function config.new()
 	return setmetatable({
 		req = {
 			distinguished_name = "distinguished_name",
-			req_extensions = "v3_extensions",
+			req_extensions = "certrequest",
-			x509_extensions = "v3_extensions",
+			x509_extensions = "selfsigned",
 			prompt = "no",
 		},
 		distinguished_name = {
 			countryName = "GB",
 			-- stateOrProvinceName = "",
 			organizationName = "Your Organisation",
 			organizationalUnitName = "XMPP Department",
 			commonName = "example.com",
 			emailAddress = "xmpp@example.com",
 		},
-		v3_extensions = {
+		certrequest = {
 			basicConstraints = "CA:FALSE",
 			keyUsage = "digitalSignature,keyEncipherment",
 			extendedKeyUsage = "serverAuth,clientAuth",
+			subjectAltName = "@subject_alternative_name",
+		},
+		selfsigned = {
+			basicConstraints = "CA:TRUE",
 			subjectAltName = "@subject_alternative_name",
 		},
 		subject_alternative_name = {
 			DNS = {},
 			otherName = {},