MDEV-33592: Use X509v3 for compatibility with libraries

According to rfc5280, x509v3 was standardised in June 1996. RusTLS only accepts v3 certificates rejected the v1 default. (ref: rustls/webpki#29 (comment)) It seems reasonable that all client libraries can accept v3. Thanks Austin Bonander for the suggested patch.
grooverdan · Mar 5, 2024 · b809645 · b809645
1 parent 058510a
commit b809645
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
@@ -125,6 +125,8 @@ static X509 *vio_gencert(EVP_PKEY *pkey)
   if (!(x= X509_new()))
     goto err;
 
+  if (!X509_set_version(x, X509_VERSION_3))
+    goto err;
   if (!(name= X509_get_subject_name(x)))
     goto err;
   if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,