clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Fix unbound-control-setup.cmd to have CA v3 basicConstraints,

Browse Source 
like unbound-control-setup.sh has.
This commit is contained in:
W.C.A. Wijngaards 2024-03-08 17:18:05 +01:00
parent 0c967e079c
commit 48b6c60a24
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/Changelog
View File

@ -2,6 +2,8 @@
- Fix unbound-control-setup.cmd to use 3072 bits so that certificates - Fix unbound-control-setup.cmd to use 3072 bits so that certificates
are long enough for newer OpenSSL versions. are long enough for newer OpenSSL versions.
- Fix TTL of synthesized CNAME when a DNAME is used from cache. - Fix TTL of synthesized CNAME when a DNAME is used from cache.
- Fix unbound-control-setup.cmd to have CA v3 basicConstraints,
like unbound-control-setup.sh has.
7 March 2024: Wouter 7 March 2024: Wouter
- Version set to 1.19.3 for release. After 1.19.2 point release with - Version set to 1.19.3 for release. After 1.19.2 point release with

14
winrc/unbound-control-setup.cmd
View File

@ -98,9 +98,14 @@ echo default_bits=%BITS%>>request.cfg
echo default_md=%HASH%>>request.cfg echo default_md=%HASH%>>request.cfg
echo prompt=no>>request.cfg echo prompt=no>>request.cfg
echo distinguished_name=req_distinguished_name>>request.cfg echo distinguished_name=req_distinguished_name>>request.cfg
echo.>>request.cfg echo x509_extensions=v3_ca>>request.cfg
echo [req_distinguished_name]>>request.cfg echo [req_distinguished_name]>>request.cfg
echo commonName=%SERVERNAME%>>request.cfg echo commonName=%SERVERNAME%>>request.cfg
echo [v3_ca]>>request.cfg
echo subjectKeyIdentifier=hash>>request.cfg
echo authorityKeyIdentifier=keyid:always,issuer:always>>request.cfg
echo basicConstraints=critical,CA:TRUE,pathlen:0>>request.cfg
echo subjectAltName=DNS:%SERVERNAME%>>request.cfg
if not exist request.cfg ( if not exist request.cfg (
echo could not create request.cfg echo could not create request.cfg
@ -119,9 +124,12 @@ echo default_bits=%BITS%>>request.cfg
echo default_md=%HASH%>>request.cfg echo default_md=%HASH%>>request.cfg
echo prompt=no>>request.cfg echo prompt=no>>request.cfg
echo distinguished_name=req_distinguished_name>>request.cfg echo distinguished_name=req_distinguished_name>>request.cfg
echo.>>request.cfg echo req_extensions=v3_req>>request.cfg
echo [req_distinguished_name]>>request.cfg echo [req_distinguished_name]>>request.cfg
echo commonName=%CLIENTNAME%>>request.cfg echo commonName=%CLIENTNAME%>>request.cfg
echo [v3_req]>>request.cfg
echo basicConstraints=critical,CA:FALSE>>request.cfg
echo subjectAltName=DNS:%CLIENTNAME%>>request.cfg
if not exist request.cfg ( if not exist request.cfg (
echo could not create request.cfg echo could not create request.cfg
@ -129,7 +137,7 @@ exit 1
) )
echo create %CTL_BASE%.pem (signed client certificate) echo create %CTL_BASE%.pem (signed client certificate)
"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem "%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -extfile request.cfg -extensions v3_req -out %CTL_BASE%.pem
if not exist %CTL_BASE%.pem ( if not exist %CTL_BASE%.pem (
echo could not create %CTL_BASE%.pem echo could not create %CTL_BASE%.pem