OpenSSL: OCSP under DANE

[exim.git] / test / aux-fixed / exim-ca / genall

diff --git a/test/aux-fixed/exim-ca/genall b/test/aux-fixed/exim-ca/genall
index 1b4e7e2779050f0c289e53bf56cf4067bef95c68..878c6aba0c6ac3b97fc72dc4f5c4c0bc2014d7a3 100755 (executable)
--- a/test/aux-fixed/exim-ca/genall
+++ b/test/aux-fixed/exim-ca/genall
@@ -34,9 +34,12 @@ do
     # -F  create sub-signing cert
     # -C CRL
     # -O create OCSP responder cert
+    # -3 Authority key ID extension
+    # -8 Subject Alternate Names
+
     clica $V -D "$idir" -p password -B 2048 -I -N $iname -F -C http://crl.$iname/latest.crl -O http://oscp.$iname/
 
-    # create server certs
+    # create server leaf certs
     # -m <months>
     clica $V -D $idir -p password -s 101 -S server1.$iname -m 301 \
        -8 alternatename.server1.example.$tld,alternatename2.server1.example.$tld,*.test.ex
@@ -135,7 +138,7 @@ EOF
 
        # These ones get used by the "traditional" testcases. OCSP resp signed by a cert which is
        # signed by the signer of the leaf-cert being attested to.
-       OGENCOMMON="-rsigner $CADIR/OCSP.pem -rkey $CADIR/OCSP.key -CA $CADIR/Signer.pem -rother $CADIR/OCSP.pem -noverify"
+       OGENCOMMON="-rsigner $CADIR/OCSP.pem -rkey $CADIR/OCSP.key -CA $CADIR/Signer.pem -noverify"
 
        openssl ocsp $IVALID   $OGENCOMMON -ndays 3652 $REQIN -respout $SPFX.ocsp.good.resp
        openssl ocsp $IVALID   $OGENCOMMON -ndays 30   $REQIN -respout $SPFX.ocsp.dated.resp