
gh-120762: fix make_ssl_certs.py - no SKID or AKID in CSR by AdamWill · Pull Request #120764 · python/cpython

@AdamWill

Per openssl/openssl#22966, it is not
valid to have a subjectKeyIdentifier or an authorityKeyIdentifier
in a CSR. Up until openssl 3.2.0 this happened not to cause an
error, but since a bugfix in 3.2.0 it does:

80D2CF679F7F0000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:crypto/x509/v3_akid.c:156:

To fix this, when generating a signed certificate, let's always
use req_x509_extensions_simple for the CSR, and use the specified
req (usually req_x509_extensions_full) only when asking the CA to
process the CSR and produce the final signed certificate.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
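
A lint for the rule described above, as an added example that is not part of the pull request or of CPython's make_ssl_certs.py: it parses OpenSSL-style config text and reports which sections carry subjectKeyIdentifier or authorityKeyIdentifier and so should not be used for a CSR. The sample config and all function names are constructed for illustration; only the two section names come from the PR description.

```python
import re

# Extensions the PR description says are not valid in a CSR.
CA_ONLY_EXTENSIONS = {"subjectKeyIdentifier", "authorityKeyIdentifier"}

# Constructed sample config; only the two section names come from the PR text.
SAMPLE_CONFIG = """
[req_x509_extensions_simple]
subjectAltName = DNS:localhost

[ req_x509_extensions_full ]
subjectAltName = DNS:localhost
subjectKeyIdentifier = hash   # only meaningful once a certificate is issued
authorityKeyIdentifier = keyid:always,issuer:always
"""

def parse_sections(text):
    """Parse OpenSSL-style config text into {section: {key: value}}."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]\s]+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections

def csr_invalid_extensions(text, section):
    """Return the extensions in `section` that must not appear in a CSR."""
    keys = parse_sections(text).get(section)
    if keys is None:
        raise KeyError(f"no section [{section}] in config")
    return sorted(keys.keys() & CA_ONLY_EXTENSIONS)

def extension_plan(text, requested):
    """Return (CSR section, signing section): simple for the CSR, `requested` for the CA."""
    csr = "req_x509_extensions_simple"
    if csr_invalid_extensions(text, csr):
        raise ValueError(f"[{csr}] carries CA-only extensions")
    csr_invalid_extensions(text, requested)  # raises KeyError if the section is missing
    return csr, requested
```
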