From a77fbdcb8d40db4101bcea9ce3e15a3a70aabfa3 Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <sethmichaellarson@gmail.com>
Date: Sun, 19 Mar 2023 21:54:13 -0500
Subject: [PATCH] Add basic constraints to certificate

---
 tests/lib/certs.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tests/lib/certs.py b/tests/lib/certs.py
index 98cf2a0ea1f..344899747f7 100644
--- a/tests/lib/certs.py
+++ b/tests/lib/certs.py
@@ -25,6 +25,10 @@ def make_tls_cert(hostname: str) -> Tuple[x509.Certificate, rsa.RSAPrivateKey]:
         .serial_number(x509.random_serial_number())
         .not_valid_before(datetime.utcnow())
         .not_valid_after(datetime.utcnow() + timedelta(days=10))
+        .add_extension(
+            x509.BasicConstraints(ca=True, path_length=9),
+            critical=True,
+        )
         .add_extension(
             x509.SubjectAlternativeName([x509.DNSName(hostname)]),
             critical=False,