Skip to content

Commit

Permalink
br/lightning: add basicConstraints to test ca (pingcap#50129)
Browse files Browse the repository at this point in the history
  • Loading branch information
D3Hunter authored and AilinKid committed Jan 17, 2024
1 parent bfecca6 commit 0a37ac7
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 1 addition & 1 deletion br/tests/_utils/generate_certs
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ mkdir -p $TEST_DIR/certs
openssl ecparam -out "$TEST_DIR/certs/ca.key" -name prime256v1 -genkey
# CA's Common Name must not be the same as signed certificate.
openssl req -new -batch -sha256 -subj '/CN=br_tests' -key "$TEST_DIR/certs/ca.key" -out "$TEST_DIR/certs/ca.csr"
openssl x509 -req -sha256 -days 2 -in "$TEST_DIR/certs/ca.csr" -signkey "$TEST_DIR/certs/ca.key" -out "$TEST_DIR/certs/ca.pem"
openssl x509 -req -sha256 -days 2 -in "$TEST_DIR/certs/ca.csr" -extfile "${cur_dir}/../config/rootca.conf" -extensions ext -signkey "$TEST_DIR/certs/ca.key" -out "$TEST_DIR/certs/ca.pem"
for cluster in tidb pd tikv lightning tiflash curl ticdc br; do
openssl ecparam -out "$TEST_DIR/certs/$cluster.key" -name prime256v1 -genkey
openssl req -new -batch -sha256 -subj '/CN=localhost' -key "$TEST_DIR/certs/$cluster.key" -out "$TEST_DIR/certs/$cluster.csr"
Expand Down
2 changes: 2 additions & 0 deletions br/tests/config/rootca.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
[ext]
basicConstraints=CA:TRUE,pathlen:0

0 comments on commit 0a37ac7

Please sign in to comment.