- Fix for attaching the X509v3 extensions to the client certificate.

author George Thessalonikefs <george@nlnetlabs.nl>

Mon, 19 Oct 2020 13:00:30 +0000 (15:00 +0200)

committer George Thessalonikefs <george@nlnetlabs.nl>

Mon, 19 Oct 2020 13:00:30 +0000 (15:00 +0200)
author George Thessalonikefs <george@nlnetlabs.nl>
Mon, 19 Oct 2020 13:00:30 +0000 (15:00 +0200)
committer George Thessalonikefs <george@nlnetlabs.nl>
Mon, 19 Oct 2020 13:00:30 +0000 (15:00 +0200)
diff --git a/smallapp/unbound-control-setup.sh.in b/smallapp/unbound-control-setup.sh.in

index 6b5e0dbbf205bcdcf7b55016863a59ea54f1ec95..eaf1d082cb765d1f90464adb2ccd1b80101f9ef0 100644 (file)
--- a/smallapp/unbound-control-setup.sh.in
+++ b/smallapp/unbound-control-setup.sh.in
@@ -120,6 +120,7 @@ if [ ! -f "$SVR_BASE.key" ]; then
  fi
  
  cat >server.cnf <<EOF
+[req]
  default_bits=$BITS
  default_md=$HASH
  prompt=no
@@ -189,6 +190,8 @@ if [ ! -f "$CTL_BASE.pem" -o $RECREATE -eq 1 ]; then
                    -CAkey "$SVR_BASE.key" \
                    -CAcreateserial \
                    -$HASH \
+                  -extfile client.cnf \
+                  -extensions v3_req \
                    -out "$CTL_BASE.pem"
  
      [ ! -f "CTL_BASE.pem" ] || fatal "cannot create signed client certificate"
author	George Thessalonikefs <george@nlnetlabs.nl>
	Mon, 19 Oct 2020 13:00:30 +0000 (15:00 +0200)
committer	George Thessalonikefs <george@nlnetlabs.nl>
	Mon, 19 Oct 2020 13:00:30 +0000 (15:00 +0200)