gencert.py: Specify X.509 certificate version 3

By default, pyOpenSSL generates X.509 certification version 1. However, Chrome does not work with X.509 with version 1 and fails with ERR_SSL_SERVER_CERT_BAD_FORMAT error. Set version 3 to generate X.509 certificate. Signed-off-by: Shin'ichiro Kawasaki <kawasaki@juno.dti.ne.jp>
2025-07-21 17:41:18 +02:00 · 2020-10-23 17:39:02 +09:00
parent ac819b926d
commit 7de173f324
1 changed files with 1 additions and 0 deletions
--- a/pyscrlink/gencert.py
+++ b/pyscrlink/gencert.py
@@ -60,6 +60,7 @@ def gen_cert(cert_path, key_path):
    cert.get_subject().CN = SCRATCH_CERT_NICKNAME
    cert.gmtime_adj_notBefore(9)
    cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)  # ten years
+    cert.set_version(2) # version 3 of X.509 (0 start)
    cert.set_pubkey(key)
    cert.set_issuer(cert.get_subject())
    cert.add_extensions([