On Wednesday 29 June 2016 00:10:34 Ángel González wrote: > On 28/06/16 22:16, Tim Rühsen wrote: > > Patching src/openssl.c for 1.1.0 (see below) let it compile. > > But the HTTPS tests fail due to > > > > ERROR: cannot verify localhost's certificate, issued by > > 'O=GNU,OU=Wget,CN=GNU> > > Wget': > > unsupported certificate purpose > > > > Any idea ? > > server-cert.pem has the following extensions: > Key Usage > Usages: Revocation list signature > Critical: Yes > > Extended Key Usage > Allowed Purposes: Server Authentication > Critical: No > > > Looks like the second extension isn't supported by OpenSSL 1.1.0, and > Server Authentication not being in Key Usage, it is rejected. > > Recreate this certificate with no Key Usage at all would probably fix > it. I'm not sure about the required steps, though.
Thanks for the hint, I'll check it out. BTW, I documented the creation of the test certs in testenv/certs/README. Meanwhile I saw that certtool supports also has a non-interactive mode... so it would be possible to write a small shell script to automate the process of creating the test keys/certs/crl etc. Regards
signature.asc
Description: This is a digitally signed message part.
