From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Wed, 4 Feb 2026 15:16:16 +0000 (+0100)
Subject: Generate cert to use as client cert in tests
X-Git-Tag: rec-5.5.0-alpha0^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=405d00170c302869997809efb7ba947f1675ad35;p=thirdparty%2Fpdns.git

Generate cert to use as client cert in tests

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
---

diff --git a/regression-tests.recursor-dnssec/.gitignore b/regression-tests.recursor-dnssec/.gitignore
index 1bc206a05c..41020f575c 100644
--- a/regression-tests.recursor-dnssec/.gitignore
+++ b/regression-tests.recursor-dnssec/.gitignore
@@ -12,3 +12,8 @@
 /server.key
 /server.pem
 /server.p12
+/client.chain
+/client.csr
+/client.key
+/client.pem
+/client.p12
diff --git a/regression-tests.recursor-dnssec/Makefile b/regression-tests.recursor-dnssec/Makefile
index 84286d7a4a..f5ab48aea0 100644
--- a/regression-tests.recursor-dnssec/Makefile
+++ b/regression-tests.recursor-dnssec/Makefile
@@ -1,15 +1,24 @@
 clean-certs:
-	rm -f ca.key ca.pem ca.srl server.csr server.key server.pem server.chain server.ocsp
+	rm -f ca.key ca.pem ca.srl server.csr server.key server.pem server.chain server.ocsp client csr clien.pem client.key client.p12
 clean-configs:
 	rm -rf configs/*
 certs:
 	# Generate a new CA
-	openssl req -new -x509 -days 1 -extensions v3_ca -keyout ca.key -out ca.pem -nodes -config configCA.conf
+	openssl req -quiet -new -x509 -days 1 -extensions v3_ca -keyout ca.key -out ca.pem -nodes -config configCA.conf
 	# Generate a new server certificate request
-	openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -config configServer.conf
+	openssl req -quiet -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -config configServer.conf
 	# Sign the server cert
 	openssl x509 -req -days 1 -CA ca.pem -CAkey ca.key -CAcreateserial -in server.csr -out server.pem -extfile configServer.conf -extensions v3_req
 	# Generate a chain
 	cat server.pem ca.pem > server.chain
 	# Generate a password-protected PKCS12 file
-	openssl pkcs12 -export -passout pass:passw0rd -clcerts -in server.pem -CAfile ca.pem -inkey server.key -out server.p12
+	openssl pkcs12 -export -passout pass:passw0rd -in server.pem -CAfile ca.pem -inkey server.key -out server.p12
+
+	# Generate a new client certificate request
+	openssl req -quiet -new -newkey rsa:2048 -nodes -keyout client.key -out client.csr -config configClient.conf
+	# Sign the client cert
+	openssl x509 -req -days 1 -CA ca.pem -CAkey ca.key -CAcreateserial -in client.csr -out client.pem -extfile configClient.conf -extensions v3_req
+	# Generate a chain
+	cat client.pem ca.pem > client.chain
+	# Generate a password-protected PKCS12 file
+	openssl pkcs12 -export -passout pass:passw0rd -in client.pem -CAfile ca.pem -inkey client.key -out client.p12