From 884beb9a0e1d21a46a16d34c9a12bdb1519ed2db 2015-05-31 21:53:01
From: Branko Majic <branko@majic.rs>
Date: 2015-05-31 21:53:01
Subject: [PATCH] MAR-5: Fixed a typo in docs for test site (wrong filename path for certificate). Added encryption_key option to certtool templates in test site in order to have key encipherment key usage in resulting certificates (otherwise Thunderbird, for example, won't be able to connect to SMTP server).

---

diff --git a/docs/testsite.rst b/docs/testsite.rst
index 1f87bd8fd1d648ddba4cc1c0b85cdc513b620e9d..9dcbb064a99f0728400a178a52ab8c2218d31c94 100644
--- a/docs/testsite.rst
+++ b/docs/testsite.rst
@@ -93,7 +93,7 @@ In order to deploy the test site, the following steps would normally be taken:
      be ``web.example.com``)
    - ``testsite/tls/web.example.com_https.pem`` (subject alternative name should
      be ``web.example.com``)
-   - ``testsite/tls/phpinffo.example.com_https.pem`` (subject alternative name
+   - ``testsite/tls/phpinfo.example.com_https.pem`` (subject alternative name
      should be ``phpinfo.example.com``)
    - ``testsite/tls/wsgi.example.com_https.pem`` (subject alternative name
      should be ``wsgi.example.com``)
diff --git a/testsite/tls/templates/ldap.example.com_ldap.cfg b/testsite/tls/templates/ldap.example.com_ldap.cfg
index af86c584fb19cc7dd96f2ea847f8202a9d752ecc..6dc4d541020235416c638ec920444d60c975d5b5 100644
--- a/testsite/tls/templates/ldap.example.com_ldap.cfg
+++ b/testsite/tls/templates/ldap.example.com_ldap.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key
diff --git a/testsite/tls/templates/mail.example.com_smtp.cfg b/testsite/tls/templates/mail.example.com_smtp.cfg
index 5910ad13a5a88ef1383f89721d58913e38309a43..4a32651b000f27e57878864024f919da0cae09c2 100644
--- a/testsite/tls/templates/mail.example.com_smtp.cfg
+++ b/testsite/tls/templates/mail.example.com_smtp.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key
diff --git a/testsite/tls/templates/phpinfo.example.com_https.cfg b/testsite/tls/templates/phpinfo.example.com_https.cfg
index 6815c7a1d1ae1432b000fd4c91587fb6fe4e040c..269d4850252c45804165f54b7e39641bbdcba6c9 100644
--- a/testsite/tls/templates/phpinfo.example.com_https.cfg
+++ b/testsite/tls/templates/phpinfo.example.com_https.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key
diff --git a/testsite/tls/templates/web.example.com_https.cfg b/testsite/tls/templates/web.example.com_https.cfg
index 823765f8fb76b12e8a508b9536a760f8397e61ff..a422b6e124ec1f93e725c8a75c12c79599af6966 100644
--- a/testsite/tls/templates/web.example.com_https.cfg
+++ b/testsite/tls/templates/web.example.com_https.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key
diff --git a/testsite/tls/templates/wsgi.example.com_https.cfg b/testsite/tls/templates/wsgi.example.com_https.cfg
index e15e9e21e4723527b912b46cb712e6069cd9883c..442aa3e400ff278f2205d90b493d8d518b7b8b9b 100644
--- a/testsite/tls/templates/wsgi.example.com_https.cfg
+++ b/testsite/tls/templates/wsgi.example.com_https.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key
diff --git a/testsite/tls/templates/xmpp.example.com_xmpp.cfg b/testsite/tls/templates/xmpp.example.com_xmpp.cfg
index ad7b4ed3a372cba044dc66a03899fbbafc527812..d35b85b0c6f54d4629aad9a456cda9cbd786f738 100644
--- a/testsite/tls/templates/xmpp.example.com_xmpp.cfg
+++ b/testsite/tls/templates/xmpp.example.com_xmpp.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key