On Tue, Feb 16, 2021 at 04:36:59AM +1100, Joel Sing wrote:
> On 21-02-15 14:49:46, Jan Klemkow wrote:
> > +create-libressl-test-certs: create-libressl-test-certs.pl
> > + ${PERL} ${.CURDIR}/$@.pl
>
> We can see how this goes, however we may end up wanting to generate
> the certificates and commit them rather than regenerating on each
> run. The other advantage is that p5-IO-Socket-SSL would only be
> needed to regenerate the certificates and not actually run the
> tests.
What should I do? Just commit the generated files and remove the Perl
script?
> > Index: regress/lib/libcrypto/validate/create-libressl-test-certs.pl
> > ===================================================================
> > RCS file: regress/lib/libcrypto/validate/create-libressl-test-certs.pl
> > diff -N regress/lib/libcrypto/validate/create-libressl-test-certs.pl
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ regress/lib/libcrypto/validate/create-libressl-test-certs.pl 15 Feb
> > 2021 12:54:58 -0000
> > @@ -0,0 +1,111 @@
> > +#!/usr/bin/perl
> > +
> > +# Copyright (c) 2021 Steffen Ullrich <su...@cpan.org>
> > +# Public Domain
> > +
> > +use strict;
> > +use warnings;
> > +use IO::Socket::SSL::Utils;
> > +
> > +# primitive CA - ROOT
> > +my @ca = cert(
> > + CA => 1,
> > + subject => { CN => 'ROOT' }
> > +);
> > +out('caR.pem', pem(crt => $ca[0]));
> > +out('caR.key', pem(key => $ca[1]));
> > +
> > +# server certificate where SAN contains in-label wildcards which are
> > allowed by
> > +# RFC 6125
>
> It is worth noting that per the RFC, a client MAY allow in-label
> wildcards (this is not a MUST or even a SHOULD). Additionally,
> various software does not allow or support this (for example, libtls
> and hence ftp(1)).
What should I do here?
Thanks,
Jan
