X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fopenssl.git;a=blobdiff_plain;f=test%2Fcerts%2Fsetup.sh;fp=test%2Fcerts%2Fsetup.sh;h=f4f3e046f0f5ee1fe9c700512d29e8f45d97c00c;hp=d58d0d789b4e6cc483487fa9351b1cc4564d18e3;hb=3cb55fe47c3398b81956e4fe20c4004524d47519;hpb=fa86e2ee3533bb7fa9f3c62c38920cf960e9fec0

diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index d58d0d789b..f4f3e046f0 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -154,7 +154,7 @@ openssl x509 -in sca-cert.pem -trustout \
     -addtrust anyExtendedKeyUsage -out sca+anyEKU.pem
 
 # Primary leaf cert: ee-cert
-# ee variants: expired, issuer-key2, issuer-name2
+# ee variants: expired, issuer-key2, issuer-name2, bad-pathlen
 # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth
 # purpose variants: client
 #
@@ -163,6 +163,8 @@ openssl x509 -in sca-cert.pem -trustout \
 ./mkcert.sh genee server.example ee-key ee-cert2 ca-key2 ca-cert2
 ./mkcert.sh genee server.example ee-key ee-name2 ca-key ca-name2
 ./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert
+./mkcert.sh genee server.example ee-key ee-pathlen ca-key ca-cert \
+    -extfile <(echo "basicConstraints=CA:FALSE,pathlen:0")
 #
 openssl x509 -in ee-cert.pem -trustout \
     -addtrust serverAuth -out ee+serverAuth.pem