[ssl_mgmt] Set CA:FALSE constraint for certs

ssl_mgmt/openssl.cnf.in

@@ -24,7 +24,7 @@ policy = policy_match
 copy_extensions = copy
 # We want those extensions only to generate the root certificates, so
 # we specify it on the command line:
-x509_extensions = v3_ca
+x509_extensions = v3_x509
 
 [ policy_match ]
 countryName = match
@@ -64,3 +64,8 @@ authorityKeyIdentifier = keyid:always,issuer:always
 basicConstraints = CA:FALSE
 subjectKeyIdentifier = hash
 subjectAltName = @ALTNAME@
+
+[ v3_x509 ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always

ssl_mgmt/tests/5/cmdline

@@ -0,0 +1,3 @@
+keyId= cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo \
+	&& openssl x509 -in destdir/certs/foo-cert.pem -text -noout \
+	| grep -A 1 "X509v3 Basic Constraints:" | grep "CA:FALSE"

ssl_mgmt/tests/5/driver

@@ -0,0 +1,2 @@
+echo
+echo "y"

ssl_mgmt/tests/5/fini

@@ -0,0 +1 @@
+../restore_foo_fini

ssl_mgmt/tests/5/init

@@ -0,0 +1 @@
+../save_foo_init