def mkreq(bits, ca=0, cn=cert_cn, c=cert_c):
pk = EVP.PKey()
x = X509.Request()
rsa = RSA.gen_key(bits, 65537, callback)
pk.assign_rsa(rsa)
x.set_pubkey(pk)
name = x.get_subject()
name.C = c
name.CN = cn
if not ca:
ext1 = X509.new_extension('subjectAltName', 'DNS:' + cn)
ext2 = X509.new_extension('nsComment', 'Hello there')
extstack = X509.X509_Extension_Stack()
extstack.push(ext1)
extstack.push(ext2)
x.add_extensions(extstack)
x.sign(pk, 'sha256')
assert x.verify(pk)
pk2 = x.get_pubkey()
assert x.verify(pk2)
return x, pk
