authortobhe <tobhe@openbsd.org>2020-01-15 22:47:24 +0000
committertobhe <tobhe@openbsd.org>2020-01-15 22:47:24 +0000
commit2a9551c7a233464715da243e7d44db6bb7aa3808 (patch)
tree1cfb1876b7ae29bea9e821af42f7c4ab712ce8f2
parentDo the actual pfr_strerror() to pf_strerror() rename (diff)
Add multiple altname fields and test for different subjectAltName formats
and indices.
-rw-r--r--regress/sbin/iked/live/Makefile20
-rw-r--r--regress/sbin/iked/live/crt.in9
2 files changed, 24 insertions, 5 deletions
diff --git a/regress/sbin/iked/live/Makefile b/regress/sbin/iked/live/Makefile
index 077f8bb3453..fcc7af427f7 100644
--- a/regress/sbin/iked/live/Makefile
+++ b/regress/sbin/iked/live/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.4 2020/01/15 18:34:21 tobhe Exp $
+# $OpenBSD: Makefile,v 1.5 2020/01/15 22:47:24 tobhe Exp $
# Copyright (c) 2020 Tobias Heider <tobhe@openbsd.org>
#
@@ -125,8 +125,6 @@ cleanup:
-ssh ${RIGHT_SSH} 'rm -f /tmp/test.conf; ipsecctl -F; pkill iked; \
rm -f /etc/iked/ca/*; rm -f /etc/iked/certs/*; rm -f /etc/iked/private/*'
-REGRESS_TARGETS = run-cert-single-ca run-cert-multi-ca run-psk run-fragmentation run-ipcomp
-
setup_certs: ca-both.crt left-from-ca-both.crt left.key right-from-ca-both.crt \
right.key ca-left.crt right-from-ca-left.crt ca-right.crt left-from-ca-right.crt
echo "cd /etc/iked\n \
@@ -171,6 +169,7 @@ ca-right.crt ca-right.key:
left-from-ca-right.crt left.key: ca-right.crt ca-right.key
caname=ca-right; name=left; ${SETUP_CERT}
+REGRESS_TARGETS = run-cert-single-ca
run-cert-single-ca:
@echo '======= $@ ========'
flowtype=esp;
@@ -181,6 +180,7 @@ run-cert-single-ca:
flowtype=esp; ${TEST_FLOWS}
${TEST_PING}
+REGRESS_TARGETS += run-cert-multi-ca
run-cert-multi-ca:
@echo '======= $@ ========'
flowtype=esp; \
@@ -191,6 +191,18 @@ run-cert-multi-ca:
flowtype=esp; ${TEST_FLOWS}
${TEST_PING}
+REGRESS_TARGETS += run-cert-second-altname
+run-cert-second-altname:
+ @echo '======= $@ ========'
+ flowtype=esp;
+ leftid=left-from-ca-both-alternative; \
+ rightid=right-from-ca-both@openbsd.org; \
+ ${SETUP_CONFIGS}
+ ${SETUP_START}
+ flowtype=esp; ${TEST_FLOWS}
+ ${TEST_PING}
+
+REGRESS_TARGETS += run-psk
run-psk:
@echo '======= $@ ========'
auth=psk; \
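Review bot: In the new `run-cert-second-altname` recipe the line `flowtype=esp;` ends without a `\`, unlike the `leftid=` and `rightid=` lines after it, so make runs it as a separate shell command and the assignment is gone before `${SETUP_CONFIGS}` executes. If `SETUP_CONFIGS` reads `flowtype` (its definition is outside this hunk), write `flowtype=esp; \` so the four lines form one command; otherwise drop the line. The target also only shows that an ID present in the certificate is accepted. A companion case whose `leftid` is absent from the peer's subjectAltName list, and which is expected to fail authentication, would catch a regression where the ID is no longer compared against the certificate. A short comment above the target saying that `leftid` exercises the `DNS.2` entry and `rightid` the `email` entry from crt.in would make the intent clear.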
@@ -202,6 +214,7 @@ run-psk:
flowtype=esp; ${TEST_FLOWS}
${TEST_PING}
+REGRESS_TARGETS += run-fragmentation
run-fragmentation:
@echo '======= $@ ========'
flowtype=esp; \
@@ -213,6 +226,7 @@ run-fragmentation:
flowtype=esp; ${TEST_FLOWS}
${TEST_PING}
+REGRESS_TARGETS += run-ipcomp
run-ipcomp:
@echo '======= $@ ========'
flowtype=ipcomp; \
diff --git a/regress/sbin/iked/live/crt.in b/regress/sbin/iked/live/crt.in
index 06f461b468d..4bc5381451d 100644
--- a/regress/sbin/iked/live/crt.in
+++ b/regress/sbin/iked/live/crt.in
@@ -1,4 +1,4 @@
-# $OpenBSD: crt.in,v 1.1 2020/01/15 12:33:11 tobhe Exp $
+# $OpenBSD: crt.in,v 1.2 2020/01/15 22:47:24 tobhe Exp $
[ req ]
default_bits = 2048 # default strength of client certificates
@@ -17,4 +17,9 @@ O=iked
CN=${ENV::ALTNAME}
[ req_cert_extensions ]
-subjectAltName = DNS:${ENV::ALTNAME}
+subjectAltName = @alt_names #;otherName = ${ENV::ALTNAME}-other
+
+[ alt_names ]
+DNS.1=${ENV::ALTNAME}
+DNS.2=${ENV::ALTNAME}-alternative
+email= ${ENV::ALTNAME}@openbsd.org
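Review bot: The `#;otherName = ${ENV::ALTNAME}-other` tail on the new `subjectAltName = @alt_names` line is a comment to the OpenSSL config parser, so no otherName entry is issued and the formats actually covered are DNS and email only. Put it on its own line with the reason it is disabled, e.g. `# otherName SAN not generated: <reason>`, or remove it. Because the change is made in the request template, every certificate built from it presumably now carries all three names. A comment above `[ alt_names ]` saying so would keep later tests from assuming a single-name certificate.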