On Tue, Feb 16, 2021 at 04:36:59AM +1100, Joel Sing wrote: > On 21-02-15 14:49:46, Jan Klemkow wrote: > > +create-libressl-test-certs: create-libressl-test-certs.pl > > + ${PERL} ${.CURDIR}/$@.pl > > We can see how this goes, however we may end up wanting to generate > the certificates and commit them rather than regenerating on each > run. The other advantage is that p5-IO-Socket-SSL would only be > needed to regenerate the certificates and not actually run the > tests.
What should I do? Just commit the generated files and remove the Perl script? > > Index: regress/lib/libcrypto/validate/create-libressl-test-certs.pl > > =================================================================== > > RCS file: regress/lib/libcrypto/validate/create-libressl-test-certs.pl > > diff -N regress/lib/libcrypto/validate/create-libressl-test-certs.pl > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ regress/lib/libcrypto/validate/create-libressl-test-certs.pl 15 Feb > > 2021 12:54:58 -0000 > > @@ -0,0 +1,111 @@ > > +#!/usr/bin/perl > > + > > +# Copyright (c) 2021 Steffen Ullrich <su...@cpan.org> > > +# Public Domain > > + > > +use strict; > > +use warnings; > > +use IO::Socket::SSL::Utils; > > + > > +# primitive CA - ROOT > > +my @ca = cert( > > + CA => 1, > > + subject => { CN => 'ROOT' } > > +); > > +out('caR.pem', pem(crt => $ca[0])); > > +out('caR.key', pem(key => $ca[1])); > > + > > +# server certificate where SAN contains in-label wildcards which are > > allowed by > > +# RFC 6125 > > It is worth noting that per the RFC, a client MAY allow in-label > wildcards (this is not a MUST or even a SHOULD). Additionally, > various software does not allow or support this (for example, libtls > and hence ftp(1)). What should I do here? Thanks, Jan
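Review bot: In the Makefile hunk, the create-libressl-test-certs target does not correspond to any of the files the script's visible out() calls write (caR.pem, caR.key), so `${PERL} ${.CURDIR}/$@.pl` runs on every invocation and each test run sees freshly generated keys and certificates. If the certificates stay generated rather than committed, consider making the emitted files the targets with the .pl as their prerequisite, so they are rebuilt only when the script changes and a failing run can be reproduced against the same inputs.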
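Review bot: In create-libressl-test-certs.pl, the cert() call for ROOT passes only `CA => 1` and `subject => { CN => 'ROOT' }`, so the validity period is whatever the helper or IO::Socket::SSL::Utils defaults to. If the generated files end up committed, pass explicit not_before and not_after values so the regress test does not start failing once the certificates expire. The comment above the in-label wildcard certificate could also say that RFC 6125 lets a client match such names, rather than that they are allowed, which would document why some verifiers are expected to reject them.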