Skip to content

Commit

Permalink
test/openssl/test_ssl: fix illegal SAN extension
Browse files Browse the repository at this point in the history
A certificate can only have one SubjectAltName extension. OpenSSL 3.0
performs a stricter validation and certificates containing multiple SANs
will be rejected.
  • Loading branch information
rhenium committed Oct 22, 2021
1 parent 998406d commit 558cfbe
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions test/openssl/test_ssl.rb
Original file line number Diff line number Diff line change
Expand Up @@ -593,8 +593,7 @@ def test_post_connection_check

exts = [
["keyUsage","keyEncipherment,digitalSignature",true],
["subjectAltName","DNS:localhost.localdomain",false],
["subjectAltName","IP:127.0.0.1",false],
["subjectAltName","DNS:localhost.localdomain,IP:127.0.0.1",false],
]
@svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
start_server { |port|
Expand Down

0 comments on commit 558cfbe

Please sign in to comment.