def mkreq(bits, ca=0, cn=cert_cn, c=cert_c): pk = EVP.PKey() x = X509.Request() rsa = RSA.gen_key(bits, 65537, callback) pk.assign_rsa(rsa) x.set_pubkey(pk) name = x.get_subject() name.C = c name.CN = cn if not ca: ext1 = X509.new_extension('subjectAltName', 'DNS:' + cn) ext2 = X509.new_extension('nsComment', 'Hello there') extstack = X509.X509_Extension_Stack() extstack.push(ext1) extstack.push(ext2) x.add_extensions(extstack) x.sign(pk, 'sha256') assert x.verify(pk) pk2 = x.get_pubkey() assert x.verify(pk2) return x, pk