From 38c304a58ffa47bba850626d2233776323528ee0 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Sat, 21 Mar 2015 14:23:00 +0100 Subject: [PATCH] tests/certs: added make target to rebuild certificates The certificate generation scripts were also updated to better match the format of the certificates currently checked in. --- tests/certs/Makefile.am | 35 +++++++++++++++++++++++++++------- tests/certs/scripts/genroot.sh | 8 ++++---- tests/certs/scripts/genserv.sh | 4 ++-- 3 files changed, 34 insertions(+), 13 deletions(-) diff --git a/tests/certs/Makefile.am b/tests/certs/Makefile.am index ddb5c9fb1..c26aa1e68 100644 --- a/tests/certs/Makefile.am +++ b/tests/certs/Makefile.am @@ -23,14 +23,19 @@ AUTOMAKE_OPTIONS = foreign SUBDIRS = scripts -CERTFILES = \ - EdelCurlRoot-ca.cacert \ +CERTCONFIGS = \ + EdelCurlRoot-ca.prm \ EdelCurlRoot-ca.cnf \ + Server-localhost-sv.prm \ + Server-localhost.nn-sv.prm \ + Server-localhost0h-sv.prm + +GENERATEDCERTS = \ + EdelCurlRoot-ca.cacert \ EdelCurlRoot-ca.crt \ EdelCurlRoot-ca.csr \ EdelCurlRoot-ca.der \ EdelCurlRoot-ca.key \ - EdelCurlRoot-ca.prm \ Server-localhost-sv.crl \ Server-localhost-sv.crt \ Server-localhost-sv.csr \ @@ -39,7 +44,6 @@ CERTFILES = \ Server-localhost-sv.key \ Server-localhost-sv.p12 \ Server-localhost-sv.pem \ - Server-localhost-sv.prm \ Server-localhost-sv.pub.der \ Server-localhost-sv.pub.pem \ Server-localhost.nn-sv.crl \ @@ -49,7 +53,6 @@ CERTFILES = \ Server-localhost.nn-sv.dhp \ Server-localhost.nn-sv.key \ Server-localhost.nn-sv.pem \ - Server-localhost.nn-sv.prm \ Server-localhost.nn-sv.pub.der \ Server-localhost.nn-sv.pub.pem \ Server-localhost0h-sv.crl \ @@ -60,7 +63,6 @@ CERTFILES = \ Server-localhost0h-sv.key \ Server-localhost0h-sv.p12 \ Server-localhost0h-sv.pem \ - Server-localhost0h-sv.prm \ Server-localhost0h-sv.pub.der \ Server-localhost0h-sv.pub.pem @@ -68,5 +70,24 @@ SRPFILES = \ srp-verifier-conf \ srp-verifier-db -EXTRA_DIST = $(CERTFILES) $(SRPFILES) +EXTRA_DIST = $(CERTCONFIGS) $(GENERATEDCERTS) $(SRPFILES) +# Rebuild the certificates + +clean-certs: + cd $(srcdir); rm -f $(GENERATEDCERTS) + +build-certs: $(srcdir)/EdelCurlRoot-ca.cacert $(srcdir)/Server-localhost-sv.pem \ + $(srcdir)/Server-localhost.nn-sv.pem $(srcdir)/Server-localhost0h-sv.pem + +$(srcdir)/EdelCurlRoot-ca.cacert: + cd $(srcdir); scripts/genroot.sh EdelCurlRoot + +$(srcdir)/Server-localhost-sv.pem: $(srcdir)/EdelCurlRoot-ca.cacert + cd $(srcdir); scripts/genserv.sh Server-localhost EdelCurlRoot + +$(srcdir)/Server-localhost.nn-sv.pem: $(srcdir)/EdelCurlRoot-ca.cacert + cd $(srcdir); scripts/genserv.sh Server-localhost.nn EdelCurlRoot + +$(srcdir)/Server-localhost0h-sv.pem: $(srcdir)/EdelCurlRoot-ca.cacert + cd $(srcdir); scripts/genserv.sh Server-localhost0h EdelCurlRoot diff --git a/tests/certs/scripts/genroot.sh b/tests/certs/scripts/genroot.sh index 6ac138873..4d2118aae 100755 --- a/tests/certs/scripts/genroot.sh +++ b/tests/certs/scripts/genroot.sh @@ -50,15 +50,15 @@ echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION - $OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL-ca.cacert -sha1 -echo "openssl x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline" -$OPENSSL x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline +echo "openssl x509 -text -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline > $PREFIX-ca.cacert " +$OPENSSL x509 -text -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline > $PREFIX-ca.cacert echo "openssl x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der " $OPENSSL x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der -echo "openssl x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline" +echo "openssl x509 -in $PREFIX-ca.cacert -text -nameopt multiline > $PREFIX-ca.crt " -$OPENSSL x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline +$OPENSSL x509 -in $PREFIX-ca.cacert -text -nameopt multiline > $PREFIX-ca.crt echo "openssl x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline" $OPENSSL x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline diff --git a/tests/certs/scripts/genserv.sh b/tests/certs/scripts/genserv.sh index 80876ec51..e7845c5c1 100755 --- a/tests/certs/scripts/genserv.sh +++ b/tests/certs/scripts/genserv.sh @@ -81,9 +81,9 @@ $OPENSSL rsa -in $PREFIX-sv.key -pubout -outform DER -out $PREFIX-sv.pub.der echo "openssl rsa -in $PREFIX-sv.key -pubout -outform PEM -out $PREFIX-sv.pub.pem" $OPENSSL rsa -in $PREFIX-sv.key -pubout -outform PEM -out $PREFIX-sv.pub.pem -echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1" +echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -text -nameopt multiline -sha1 > $PREFIX-sv.crt " -$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1 +$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -text -nameopt multiline -sha1 > $PREFIX-sv.crt if [ "$P12." = YES. ] ; then