Make x509 -force_pubkey test case with self-issued cert more realistic

by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10587)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2019-12-23 20:15:49 +0100
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-07-01 11:14:54 +0200
commit: 4acd484d55ac3c86091e42f81479f514d0cf8b17 (patch)
tree: 2e1fb69cc6590d10c086e37075ff3edfc3c93d74 /test/v3_ca_exts.cnf
parent: 023697870bcd4372a142a606546253d719a81024 (diff)
download: openssl-new-4acd484d55ac3c86091e42f81479f514d0cf8b17.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/test/v3_ca_exts.cnf b/test/v3_ca_exts.cnf
new file mode 100644
index 0000000000..a6d3245fb4
--- /dev/null
+++ b/test/v3_ca_exts.cnf
@@ -0,0 +1,5 @@
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2019-12-23 20:15:49 +0100
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-07-01 11:14:54 +0200
commit	4acd484d55ac3c86091e42f81479f514d0cf8b17 (patch)
tree	2e1fb69cc6590d10c086e37075ff3edfc3c93d74 /test/v3_ca_exts.cnf
parent	023697870bcd4372a142a606546253d719a81024 (diff)
download	openssl-new-4acd484d55ac3c86091e42f81479f514d0cf8b17.tar.gz