From 80d03fb5b083e5fc9731101fa1d3a347515672c6 Mon Sep 17 00:00:00 2001
From: Olof hagsand <olof@hagsand.se>
Date: Fri, 31 May 2024 08:48:00 +0200
Subject: [PATCH] test: adding correct x509 v3 CA cert

---
 test/lib.sh | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/test/lib.sh b/test/lib.sh
index 8d4d9c76..b52e8caf 100755
--- a/test/lib.sh
+++ b/test/lib.sh
@@ -1265,15 +1265,12 @@ emailAddress           = olof@hagsand.se
 [ req_attributes ]
 challengePassword      = test
 
+[ x509v3_extensions ]
+basicConstraints = critical,CA:true
 EOF
 
     # Generate CA cert
-    # XXX v3 requires x509 version 1
-    if [ $(openssl version|awk '{print $2}') = "3.3.0" ]; then
-        openssl req -batch -new -x509v1 -days 1 -config $tmpdir/ca.cnf -keyout $cakey -out $cacert || err1 "Generate CA cert"
-    else
-        openssl req -batch -new -x509 -days 1 -config $tmpdir/ca.cnf -keyout $cakey -out $cacert || err1 "Generate CA cert"
-    fi
+    openssl req -batch -new -x509 -extensions x509v3_extensions -days 1 -config $tmpdir/ca.cnf -keyout $cakey -out $cacert || err1 "Generate CA cert"
     rm -rf $tmpdir
 }