diff options
| author |   inoguchi <inoguchi@openbsd.org> | 2019-06-22 15:51:54 +0000 |
|---|---|---|
| committer | inoguchi <inoguchi@openbsd.org> | 2019-06-22 15:51:54 +0000 |
| commit | b2d16436afd8e78330e48407b87a11a595d420ea (patch) | |
| tree | 9ede03dca9c0f4078b6b7f9c9a6ab729580689bb | |
| parent | Tidy up the comments: (diff) | |
| download | wireguard-openbsd-b2d16436afd8e78330e48407b87a11a595d420ea.tar.xz wireguard-openbsd-b2d16436afd8e78330e48407b87a11a595d420ea.zip | |
Add more option tests to ca in appstest.sh
| -rwxr-xr-x | regress/usr.bin/openssl/appstest.sh | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/regress/usr.bin/openssl/appstest.sh b/regress/usr.bin/openssl/appstest.sh index d952f42d3f2..f47f30ce610 100755 --- a/regress/usr.bin/openssl/appstest.sh +++ b/regress/usr.bin/openssl/appstest.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $OpenBSD: appstest.sh,v 1.18 2019/06/13 08:02:35 inoguchi Exp $ +# $OpenBSD: appstest.sh,v 1.19 2019/06/22 15:51:54 inoguchi Exp $ # # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> # @@ -548,7 +548,7 @@ __EOF__ if [ $mingw = 0 ] ; then subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testCA.test_dummy.com/' else - subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\' + subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testCA.test_dummy.com\' fi $openssl_bin req -new -x509 -newkey rsa:2048 -out $ca_cert \ @@ -582,8 +582,12 @@ __EOF__ tsa_cert=$tsa_dir/tsa_cert.pem - $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ - -in $tsa_csr -out $tsa_cert -extensions tsa_ext + $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -keyform pem \ + -key $ca_pass -config $ssldir/openssl.cnf -create_serial \ + -policy policy_match -days 1 -md sha256 -extensions tsa_ext \ + -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \ + -multivalue-rdn -preserveDN -noemailDN \ + -in $tsa_csr -outdir $tsa_dir -out $tsa_cert -verbose -notext check_exit_status $? #---------#---------#---------#---------#---------#---------#--------- @@ -611,8 +615,10 @@ __EOF__ ocsp_cert=$ocsp_dir/ocsp_cert.pem - $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ - -in $ocsp_csr -out $ocsp_cert -extensions ocsp_ext + $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -keyform pem \ + -key $ca_pass -out $ocsp_cert -extensions ocsp_ext \ + -startdate `date -u '+%y%m%d%H%M%SZ'` -enddate 491223235959Z \ + -subj $subj -infiles $ocsp_csr check_exit_status $? #---------#---------#---------#---------#---------#---------#--------- @@ -677,11 +683,18 @@ __EOF__ start_message "ca ... revoke server cert#2" crl_file=$ca_dir/crl.pem - $openssl_bin ca -gencrl -out $crl_file -crldays 30 \ - -revoke $revoke_cert \ + $openssl_bin ca -gencrl -out $crl_file -revoke $revoke_cert \ + -config $ssldir/openssl.cnf -name CA_default \ + -crldays 30 -crlhours 12 -crlsec 30 -updatedb \ + -crl_reason unspecified -crl_hold 1.2.840.10040.2.2 \ + -crl_compromise `date -u '+%Y%m%d%H%M%SZ'` \ + -crl_CA_compromise `date -u '+%Y%m%d%H%M%SZ'` \ -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert check_exit_status $? + start_message "ca ... show certificate status by serial number" + $openssl_bin ca -config $ssldir/openssl.cnf -status 1 + start_message "crl ... CA generates CRL" $openssl_bin crl -in $crl_file -fingerprint check_exit_status $? |