diff options
author | Vladislav Vaintroub <wlad@mariadb.com> | 2019-04-24 11:15:08 +0200 |
---|---|---|
committer | Vladislav Vaintroub <wlad@mariadb.com> | 2019-04-28 12:49:59 +0200 |
commit | e116f11f0aeb740667294185534c859928dc125d (patch) | |
tree | 987944514ecc5fc1b865be3c1638488f6e0a7c7c /mysql-test/lib/generate-ssl-certs.sh | |
parent | eb9b03ab488d160aee487389605941a584e6074d (diff) | |
download | mariadb-git-e116f11f0aeb740667294185534c859928dc125d.tar.gz |
MDEV-18131 MariaDB does not verify IP addresses from subject alternative
names
Added a call to X509_check_ip_asc() in case server_hostname represents
an IP address.
Diffstat (limited to 'mysql-test/lib/generate-ssl-certs.sh')
-rwxr-xr-x | mysql-test/lib/generate-ssl-certs.sh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mysql-test/lib/generate-ssl-certs.sh b/mysql-test/lib/generate-ssl-certs.sh index 8f15ba9d521..4b333854c08 100755 --- a/mysql-test/lib/generate-ssl-certs.sh +++ b/mysql-test/lib/generate-ssl-certs.sh @@ -31,7 +31,7 @@ openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_ # with SubjectAltName, only for OpenSSL 1.0.2+ cat > demoCA/sanext.conf <<EOF -subjectAltName=DNS:localhost +subjectAltName=IP:127.0.0.1, DNS:localhost EOF openssl req -newkey rsa:1024 -keyout serversan-key.pem -out demoCA/serversan-req.pem -days 7300 -nodes -subj '/CN=server/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' openssl ca -keyfile cakey.pem -extfile demoCA/sanext.conf -days 7300 -batch -cert cacert.pem -policy policy_anything -out serversan-cert.pem -infiles demoCA/serversan-req.pem |