From 783869c2e96794124e97d1d485b8488ac94cd024 Mon Sep 17 00:00:00 2001
From: Paul Andrey <paul.andrey@inria.fr>
Date: Fri, 1 Sep 2023 11:26:18 +0200
Subject: [PATCH] Fix self-signed CA generation.

---
 declearn/test_utils/_gen_ssl.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/declearn/test_utils/_gen_ssl.py b/declearn/test_utils/_gen_ssl.py
index 46f2aff3..9540c964 100644
--- a/declearn/test_utils/_gen_ssl.py
+++ b/declearn/test_utils/_gen_ssl.py
@@ -194,14 +194,20 @@ def gen_ssl_ca(
     ]
     subject_name = x509.Name(identifiers)
     today = datetime.datetime.now(datetime.timezone.utc)
-    cert = x509.CertificateBuilder(
+    cert_builder = x509.CertificateBuilder(
         subject_name=subject_name,
         issuer_name=subject_name,
         public_key=key.public_key(),
         serial_number=x509.random_serial_number(),
         not_valid_before=today,
         not_valid_after=today + datetime.timedelta(days=duration),
-    ).sign(key, cryptography.hazmat.primitives.hashes.SHA256())
+    )
+    cert_builder = cert_builder.add_extension(
+        x509.BasicConstraints(ca=True, path_length=None), critical=True
+    )
+    cert = cert_builder.sign(
+        key, cryptography.hazmat.primitives.hashes.SHA256()
+    )
     # Export the certificate to a PEM file.
     ca_cert = os.path.join(folder, "ca-cert.pem")
     cert_bytes = cert.public_bytes(crypto_serialization.Encoding.PEM)
-- 
GitLab