Wrong description in server_ca.config and client_ca.config

Tue, 27 Feb 2024 11:39:03 -0800 

Hi Hackers,
The current descriptions for server_ca.config and client_ca.config are not so accurate. For example, one of the descriptions in server_ca.config states, "This certificate is used to sign server certificates. It is self-signed." However, the server_ca.crt and client_ca.crt are actually signed by the root_ca.crt, which is the only self-signed certificate. Therefore, it would be more accurate to change it to "This certificate is used to sign server certificates. It is an Intermediate CA." 

Attached is a patch attempting to fix the description issue.

Best regards,

David

From ddc07447152331c09daecf0202178cfe77a817a9 Mon Sep 17 00:00:00 2001
From: David Zhang <idraw...@gmail.com>
Date: Tue, 27 Feb 2024 10:06:18 -0800
Subject: [PATCH] correct description for server_ca and client_ca

---
 src/test/ssl/conf/client_ca.config | 8 +++++---
 src/test/ssl/conf/server_ca.config | 8 +++++---
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/test/ssl/conf/client_ca.config 
b/src/test/ssl/conf/client_ca.config
index 5990f06000..08365aac95 100644
--- a/src/test/ssl/conf/client_ca.config
+++ b/src/test/ssl/conf/client_ca.config
@@ -1,7 +1,9 @@
-# An OpenSSL format CSR config file for creating the client root certificate.
-# This configuration file is also used when operating the CA.
+# An OpenSSL format CSR config file for creating the client Intermediate
+# Certificate Authority. This configuration file is also used when operating
+# the CA.
 #
-# This certificate is used to sign client certificates. It is self-signed.
+# This certificate is used to sign client certificates. It is an Intermediate
+# CA.
 
 [ req ]
 distinguished_name     = req_distinguished_name
diff --git a/src/test/ssl/conf/server_ca.config 
b/src/test/ssl/conf/server_ca.config
index 496aaba29f..15f8d1590f 100644
--- a/src/test/ssl/conf/server_ca.config
+++ b/src/test/ssl/conf/server_ca.config
@@ -1,7 +1,9 @@
-# An OpenSSL format CSR config file for creating the server root certificate.
-# This configuration file is also used when operating the CA.
+# An OpenSSL format CSR config file for creating the server Intermediate
+# Certificate Authority. This configuration file is also used when operating
+# the CA.
 #
-# This certificate is used to sign server certificates. It is self-signed.
+# This certificate is used to sign server certificates. It is an Intermediate
+# CA.
 
 [ req ]
 distinguished_name     = req_distinguished_name
-- 
2.34.1























					Reply via email to