mirror of
https://github.com/pgbackrest/pgbackrest.git
synced 2024-12-14 10:13:05 +02:00
dfb620b0b8
The prior SAN code only recognized DNS-based SANs, which meant that it would not properly validate if using an IP-based SAN. Add support for IPv4 and IPv6 SANs with exact matching only. This simplifies testing when certificate generation tools have trouble generating a DNS:1.2.3.4-style SAN, preferring to include the SAN as IP:1.2.3.4.
46 lines
737 B
INI
46 lines
737 B
INI
[req]
|
|
default_bits = 4096
|
|
prompt = no
|
|
default_md = sha256
|
|
req_extensions = v3_req
|
|
distinguished_name = dn
|
|
|
|
[ca]
|
|
default_ca=ca_pgbackrest
|
|
|
|
[ca_pgbackrest]
|
|
database=index.txt
|
|
unique_subject=no
|
|
default_md=sha256
|
|
|
|
[ dn ]
|
|
C=US
|
|
ST=All
|
|
L=All
|
|
O=pgBackRest
|
|
OU=Unit Testing Domain
|
|
CN = test.pgbackrest.org
|
|
|
|
[ v3_req ]
|
|
basicConstraints = CA:FALSE
|
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
subjectAltName = @alt_names
|
|
|
|
[ alt_names ]
|
|
# Used in container unit tests
|
|
DNS.1 = test.pgbackrest.org
|
|
DNS.2 = *.test.pgbackrest.org
|
|
DNS.3 = *.test2.pgbackrest.org
|
|
|
|
# Test IP matching
|
|
IP.1 = 127.0.0.1
|
|
IP.2 = ::1
|
|
|
|
# Unused alt name type for coverage
|
|
email.0 = email@email.com
|
|
|
|
# Used in integration tests
|
|
DNS.5 = pg1
|
|
DNS.6 = pg2
|
|
DNS.7 = repo
|