From: Dr. Stephen Henson Date: Fri, 31 Aug 2012 11:15:44 +0000 (+0000) Subject: make EC test certificates usable for ECDH X-Git-Tag: master-pre-reformat~1661 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ef6b34bec2adf7d62a91cb8901252bd95301a3d5;p=openssl make EC test certificates usable for ECDH --- diff --git a/demos/certs/apps/apps.cnf b/demos/certs/apps/apps.cnf index 99cb398742..a5da21678e 100644 --- a/demos/certs/apps/apps.cnf +++ b/demos/certs/apps/apps.cnf @@ -39,6 +39,17 @@ keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" +[ ec_cert ] + +# These extensions are added when 'ca' signs a request for an end entity +# certificate + +basicConstraints=critical, CA:FALSE +keyUsage=critical, nonRepudiation, digitalSignature, keyAgreement + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid diff --git a/demos/certs/apps/mkxcerts.sh b/demos/certs/apps/mkxcerts.sh index 88fb1c57c7..0f88a48fb8 100644 --- a/demos/certs/apps/mkxcerts.sh +++ b/demos/certs/apps/mkxcerts.sh @@ -19,11 +19,11 @@ $OPENSSL ecparam -name P-256 -out ecp256.pem $OPENSSL ecparam -name P-384 -out ecp384.pem CN="OpenSSL Test P-256 SHA-256 cert" $OPENSSL req \ - -config apps.cnf -extensions usr_cert -x509 -nodes \ + -config apps.cnf -extensions ec_cert -x509 -nodes \ -nodes -keyout tecp256.pem -out tecp256.pem -newkey ec:ecp256.pem \ -days 3650 -sha256 CN="OpenSSL Test P-384 SHA-384 cert" $OPENSSL req \ - -config apps.cnf -extensions usr_cert -x509 -nodes \ + -config apps.cnf -extensions ec_cert -x509 -nodes \ -nodes -keyout tecp384.pem -out tecp384.pem -newkey ec:ecp384.pem \ -days 3650 -sha384