aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--tests/certs/EdelCurlRoot-ca.cnf11
-rwxr-xr-xtests/certs/scripts/genroot.sh7
-rwxr-xr-xtests/certs/scripts/genserv.sh16
3 files changed, 27 insertions, 7 deletions
diff --git a/tests/certs/EdelCurlRoot-ca.cnf b/tests/certs/EdelCurlRoot-ca.cnf
new file mode 100644
index 000000000..ba998817e
--- /dev/null
+++ b/tests/certs/EdelCurlRoot-ca.cnf
@@ -0,0 +1,11 @@
+[ ca ]
+default_ca = EdelCurlRoot
+
+[ EdelCurlRoot ]
+database = EdelCurlRoot-ca.db
+certificate = EdelCurlRoot-ca.crt
+private_key = EdelCurlRoot-ca.key
+crlnumber = EdelCurlRoot-ca.cnt
+default_md = sha1
+default_days = 365
+default_crl_days = 30
diff --git a/tests/certs/scripts/genroot.sh b/tests/certs/scripts/genroot.sh
index b463e2c6e..6ac138873 100755
--- a/tests/certs/scripts/genroot.sh
+++ b/tests/certs/scripts/genroot.sh
@@ -40,8 +40,11 @@ SERIAL=`/usr/bin/env perl -e "$GETSERIAL"`
echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE
-echo "openssl req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr"
-$OPENSSL req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr
+echo "openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout XXX"
+openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout pass:secret
+
+echo "openssl req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr"
+$OPENSSL req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert -sha1 "
diff --git a/tests/certs/scripts/genserv.sh b/tests/certs/scripts/genserv.sh
index 61145d84b..a70da9c76 100755
--- a/tests/certs/scripts/genserv.sh
+++ b/tests/certs/scripts/genserv.sh
@@ -39,7 +39,7 @@ if [ ".$CAPREFIX" = . ] ; then
NOTOK=1
else
if [ ! -f $CAPREFIX-ca.cacert ] ; then
- echo No CA certficate file $PREFIX-ca.caert
+ echo No CA certficate file $CAPREFIX-ca.caert
NOTOK=1
fi
if [ ! -f $CAPREFIX-ca.key ] ; then
@@ -74,7 +74,6 @@ fi
echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key"
$OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key -passin pass:secret
echo pseudo secrets generated
-read
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1"
@@ -85,16 +84,23 @@ if [ "$P12." = YES. ] ; then
echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt "
$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt
-
- read
fi
echo "openssl x509 -noout -text -hash -in $PREFIX-sv.selfcert -nameopt multiline"
$OPENSSL x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline
+# revoke server cert
+touch $CAPREFIX-ca.db
+echo 01 > $CAPREFIX-ca.cnt
+echo "openssl ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt"
+$OPENSSL ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt
+
+# issue CRL
+echo "openssl ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl"
+$OPENSSL ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl
+
echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der "
$OPENSSL x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der
-read
# all together now
touch $PREFIX-sv.dhp