# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1444582154 -7200
# Node ID d2d7ad2563f9a08139ead0f0c86e4b8d687e2a8a
# Parent  6dae43341b44033a96104eff22e25e7bb9edcfe6
util.openssl: Separate extension sections into one for self-signed certs and one for requests

diff -r 6dae43341b44 -r d2d7ad2563f9 util/openssl.lua
--- a/util/openssl.lua	Sat Sep 26 19:35:56 2015 +0200
+++ b/util/openssl.lua	Sun Oct 11 18:49:14 2015 +0200
@@ -18,8 +18,8 @@
 	return setmetatable({
 		req = {
 			distinguished_name = "distinguished_name",
-			req_extensions = "v3_extensions",
-			x509_extensions = "v3_extensions",
+			req_extensions = "certrequest",
+			x509_extensions = "selfsigned",
 			prompt = "no",
 		},
 		distinguished_name = {
@@ -31,12 +31,16 @@
 			commonName = "example.com",
 			emailAddress = "xmpp@example.com",
 		},
-		v3_extensions = {
+		certrequest = {
 			basicConstraints = "CA:FALSE",
 			keyUsage = "digitalSignature,keyEncipherment",
 			extendedKeyUsage = "serverAuth,clientAuth",
 			subjectAltName = "@subject_alternative_name",
 		},
+		selfsigned = {
+			basicConstraints = "CA:TRUE",
+			subjectAltName = "@subject_alternative_name",
+		},
 		subject_alternative_name = {
 			DNS = {},
 			otherName = {},