X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/3b46b0914f7161a1011a642d3b90923b15ad85b8..415c5379af11bf8777af1a082a336ad7c5369525:/test/aux-fixed/exim-ca/genall

diff --git a/test/aux-fixed/exim-ca/genall b/test/aux-fixed/exim-ca/genall
index 1b4e7e277..878c6aba0 100755
--- a/test/aux-fixed/exim-ca/genall
+++ b/test/aux-fixed/exim-ca/genall
@@ -34,9 +34,12 @@ do
     # -F  create sub-signing cert
     # -C CRL
     # -O create OCSP responder cert
+    # -3 Authority key ID extension
+    # -8 Subject Alternate Names
+
     clica $V -D "$idir" -p password -B 2048 -I -N $iname -F -C http://crl.$iname/latest.crl -O http://oscp.$iname/
 
-    # create server certs
+    # create server leaf certs
     # -m <months>
     clica $V -D $idir -p password -s 101 -S server1.$iname -m 301 \
 	-8 alternatename.server1.example.$tld,alternatename2.server1.example.$tld,*.test.ex
@@ -135,7 +138,7 @@ EOF
 
 	# These ones get used by the "traditional" testcases. OCSP resp signed by a cert which is
 	# signed by the signer of the leaf-cert being attested to.
-	OGENCOMMON="-rsigner $CADIR/OCSP.pem -rkey $CADIR/OCSP.key -CA $CADIR/Signer.pem -rother $CADIR/OCSP.pem -noverify"
+	OGENCOMMON="-rsigner $CADIR/OCSP.pem -rkey $CADIR/OCSP.key -CA $CADIR/Signer.pem -noverify"
 
 	openssl ocsp $IVALID   $OGENCOMMON -ndays 3652 $REQIN -respout $SPFX.ocsp.good.resp
 	openssl ocsp $IVALID   $OGENCOMMON -ndays 30   $REQIN -respout $SPFX.ocsp.dated.resp