Merge commit '6935d66053b2c9723314d89d5169dcf34ed56c08' into bb-10.2-marko10.2-wlad-merge

# Conflicts:
#	debian/control
#	debian/mariadb-server-10.2.install
#	include/my_sys.h
#	mysql-test/collections/buildbot_suites.bat
#	plugin/auth_dialog/CMakeLists.txt
#	sql/CMakeLists.txt
#	sql/sql_class.cc
#	storage/innobase/CMakeLists.txt
#	storage/innobase/log/log0crypt.cc
#	win/packaging/CPackWixConfig.cmake

1 files changed, 15 insertions, 6 deletions

diff --git a/mysql-test/lib/generate-ssl-certs.sh b/mysql-test/lib/generate-ssl-certs.sh
index cc919dfe32e..8f15ba9d521 100755
--- a/mysql-test/lib/generate-ssl-certs.sh
+++ b/mysql-test/lib/generate-ssl-certs.sh
@@ -1,30 +1,39 @@
-#!/bin/sh -xe
+#!/bin/sh
+
+set -xe
 
 # simply run me from mysql-test/
 cd std_data/
 
 # boilerplace for "openssl ca" and /etc/ssl/openssl.cnf
 rm -rf demoCA
-mkdir demoCA demoCA/private demoCA/newcerts
+mkdir demoCA demoCA/newcerts
 touch demoCA/index.txt
 echo 01 > demoCA/serial
 
 # CA certificate, self-signed
-openssl req -x509 -newkey rsa:2048 -keyout demoCA/private/cakey.pem -out cacert.pem -days 7300 -nodes -subj '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' -text
+openssl req -x509 -newkey rsa:2048 -keyout cakey.pem -out cacert.pem -days 7300 -nodes -subj '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' -text
 
 # server certificate signing request and private key. Note the very long subject (for MDEV-7859)
 openssl req -newkey rsa:1024 -keyout server-key.pem -out demoCA/server-req.pem -days 7300 -nodes -subj '/CN=localhost/C=FI/ST=state or province within country, in other certificates in this file it is the same as L/L=location, usually an address but often ambiguously used/OU=organizational unit name, a division name within an organization/O=organization name, typically a company name'
 # convert the key to yassl compatible format
 openssl rsa -in server-key.pem -out server-key.pem
 # sign the server certificate with CA certificate
-openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server-cert.pem -infiles demoCA/server-req.pem
+openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out server-cert.pem -infiles demoCA/server-req.pem
 
 openssl req -newkey rsa:8192 -keyout server8k-key.pem -out demoCA/server8k-req.pem -days 7300 -nodes -subj '/CN=server8k/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
 openssl rsa -in server8k-key.pem -out server8k-key.pem
-openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server8k-cert.pem -infiles demoCA/server8k-req.pem
+openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out server8k-cert.pem -infiles demoCA/server8k-req.pem
 
 openssl req -newkey rsa:1024 -keyout client-key.pem -out demoCA/client-req.pem -days 7300 -nodes -subj '/CN=client/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
 openssl rsa -in client-key.pem -out client-key.pem
-openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out client-cert.pem -infiles demoCA/client-req.pem
+openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out client-cert.pem -infiles demoCA/client-req.pem
+
+# with SubjectAltName, only for OpenSSL 1.0.2+
+cat > demoCA/sanext.conf <<EOF
+subjectAltName=DNS:localhost
+EOF
+openssl req -newkey rsa:1024 -keyout serversan-key.pem -out demoCA/serversan-req.pem -days 7300 -nodes -subj '/CN=server/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
+openssl ca -keyfile cakey.pem -extfile demoCA/sanext.conf -days 7300 -batch -cert cacert.pem -policy policy_anything -out serversan-cert.pem -infiles demoCA/serversan-req.pem
 
 rm -rf demoCA