From 7de173f324bd7a723ce0bb694b26517ea0dbf027 Mon Sep 17 00:00:00 2001
From: Shin'ichiro Kawasaki <kawasaki@juno.dti.ne.jp>
Date: Fri, 23 Oct 2020 17:39:02 +0900
Subject: [PATCH] gencert.py: Specify X.509 certificate version 3

By default, pyOpenSSL generates X.509 certification version 1. However,
Chrome does not work with X.509 with version 1 and fails with
ERR_SSL_SERVER_CERT_BAD_FORMAT error. Set version 3 to generate X.509
certificate.

Signed-off-by: Shin'ichiro Kawasaki <kawasaki@juno.dti.ne.jp>
---
 pyscrlink/gencert.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pyscrlink/gencert.py b/pyscrlink/gencert.py
index 06c0736..7be3237 100755
--- a/pyscrlink/gencert.py
+++ b/pyscrlink/gencert.py
@@ -60,6 +60,7 @@ def gen_cert(cert_path, key_path):
     cert.get_subject().CN = SCRATCH_CERT_NICKNAME
     cert.gmtime_adj_notBefore(9)
     cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)  # ten years
+    cert.set_version(2) # version 3 of X.509 (0 start)
     cert.set_pubkey(key)
     cert.set_issuer(cert.get_subject())
     cert.add_extensions([