Use P-256 for EC tests

Fedora/RedHat OpenSSL supports only P-256, P-384 and P-521.

The new mkcert.sh script can create updated certs when these
expire on Jan 17th 2038.
This commit is contained in:
Viktor Dukhovni
2014-03-04 23:42:19 +00:00
committed by Viktor Dukhovni
parent 6bfcd13506
commit 46e0bd3c68
22 changed files with 205 additions and 109 deletions

View File

@@ -349,15 +349,15 @@ EXTRA_DIST = \
tst-crypto-select6 \
tst-crypto-select7 \
data/n0ll.pem \
data/secp160r1TestCA.cert.pem \
data/secp160r1TestCA.key.pem \
data/secp160r1TestCA.pem \
data/secp160r2TestClient.cert.pem \
data/secp160r2TestClient.key.pem \
data/secp160r2TestClient.pem \
data/secp160r2TestServer.cert.pem \
data/secp160r2TestServer.key.pem \
data/secp160r2TestServer.pem \
data/secp256r1TestCA.cert.pem \
data/secp256r1TestCA.key.pem \
data/secp256r1TestCA.pem \
data/secp256r2TestClient.cert.pem \
data/secp256r2TestClient.key.pem \
data/secp256r2TestClient.pem \
data/secp256r2TestServer.cert.pem \
data/secp256r2TestServer.key.pem \
data/secp256r2TestServer.pem \
data/bleichenbacher-bad.pem \
data/bleichenbacher-good.pem \
data/bleichenbacher-sf-pad-correct.pem \

84
lib/hx509/data/mkcert.sh Executable file
View File

@@ -0,0 +1,84 @@
#! /bin/bash
set -e
# For now, avoid going past the 2038 32-bit clock rollover
DAYS=$(( ( 0x7fffffff - $(date +%s) ) / 86400 - 1 ))
key() {
local key=$1; shift
if [ ! -f "${key}.pem" ]; then
openssl genpkey \
-paramfile <(openssl ecparam -name prime256v1) \
-out "${key}.pem"
fi
}
req() {
local key=$1; shift
local dn=$1; shift
openssl req -new -sha256 -key "${key}.pem" \
-config <(printf "[req]\n%s\n%s\n[dn]\nCN_default=foo\n" \
"prompt = yes" "distinguished_name = dn") \
-subj "${dn}"
}
cert() {
local cert=$1; shift
local exts=$1; shift
openssl x509 -req -sha256 -out "${cert}.pem" \
-extfile <(printf "%s\n" "$exts") "$@"
}
genroot() {
local dn=$1; shift
local key=$1; shift
local cert=$1; shift
exts=$(printf "%s\n%s\n%s\n%s\n" \
"subjectKeyIdentifier = hash" \
"authorityKeyIdentifier = keyid" \
"basicConstraints = CA:true" \
"keyUsage = keyCertSign, cRLSign" )
key "$key"; req "$key" "$dn" |
cert "$cert" "$exts" -signkey "${key}.pem" \
-set_serial 1 -days "${DAYS}"
}
genee() {
local dn=$1; shift
local key=$1; shift
local cert=$1; shift
local cakey=$1; shift
local cacert=$1; shift
exts=$(printf "%s\n%s\n%s\n%s\n" \
"subjectKeyIdentifier = hash" \
"authorityKeyIdentifier = keyid, issuer" \
"basicConstraints = CA:false" \
"keyUsage = digitalSignature, keyEncipherment, dataEncipherment" \
)
key "$key"; req "$key" "$dn" |
cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
-set_serial 2 -days "${DAYS}" "$@"
}
genroot "/C=SE/O=Heimdal/CN=CA secp256r1" \
secp256r1TestCA.key secp256r1TestCA.cert
genee "/C=SE/O=Heimdal/CN=Server" \
secp256r2TestServer.key secp256r2TestServer.cert \
secp256r1TestCA.key secp256r1TestCA.cert
genee "/C=SE/O=Heimdal/CN=Client" \
secp256r2TestClient.key secp256r2TestClient.cert \
secp256r1TestCA.key secp256r1TestCA.cert
cat secp256r1TestCA.key.pem secp256r1TestCA.cert.pem > \
secp256r1TestCA.pem
cat secp256r2TestClient.cert.pem secp256r2TestClient.key.pem > \
secp256r2TestClient.pem
cat secp256r2TestServer.cert.pem secp256r2TestServer.key.pem > \
secp256r2TestServer.pem

View File

@@ -1,12 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIBxjCCAYagAwIBAgIJAKjMYS/6EOLdMAkGByqGSM49BAEwNjELMAkGA1UEBhMC
U0UxEDAOBgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0w
OTAyMTQxNzUwMDRaFw0yMDAxMjgxNzUwMDRaMDYxCzAJBgNVBAYTAlNFMRAwDgYD
VQQKEwdIZWltZGFsMRUwEwYDVQQDEwxDQSBzZWNwMTYwcjEwPjAQBgcqhkjOPQIB
BgUrgQQACAMqAASMHokF13aCVrlhMSr9Vgofj7loM2a7ZrU3h8/j1n/cO24ceyN/
DpsOo4GYMIGVMB0GA1UdDgQWBBS58EWwgNdBwkYVhUSNzwIehHhEDzBmBgNVHSME
XzBdgBS58EWwgNdBwkYVhUSNzwIehHhED6E6pDgwNjELMAkGA1UEBhMCU0UxEDAO
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMYIJAKjMYS/6EOLd
MAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQMvADAsAhRZPKbqMYDATJasRcXQfEh5
8oHCywIUGZ0h6FqSvPgpkZ7hoU+ZEFJ/D88=
-----END CERTIFICATE-----

View File

@@ -1,4 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
MFACAQEEFHegiSlX0311KSBjNrbzq6HrKjkYoAcGBSuBBAAIoSwDKgAEjB6JBdd2
gla5YTEq/VYKH4+5aDNmu2a1N4fP49Z/3DtuHHsjfw6bDg==
-----END EC PRIVATE KEY-----

View File

@@ -1,18 +0,0 @@
issuer= /C=SE/O=Heimdal/CN=CA secp160r1
subject= /C=SE/O=Heimdal/CN=CA secp160r1
-----BEGIN CERTIFICATE-----
MIIBxjCCAYagAwIBAgIJAKjMYS/6EOLdMAkGByqGSM49BAEwNjELMAkGA1UEBhMC
U0UxEDAOBgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0w
OTAyMTQxNzUwMDRaFw0yMDAxMjgxNzUwMDRaMDYxCzAJBgNVBAYTAlNFMRAwDgYD
VQQKEwdIZWltZGFsMRUwEwYDVQQDEwxDQSBzZWNwMTYwcjEwPjAQBgcqhkjOPQIB
BgUrgQQACAMqAASMHokF13aCVrlhMSr9Vgofj7loM2a7ZrU3h8/j1n/cO24ceyN/
DpsOo4GYMIGVMB0GA1UdDgQWBBS58EWwgNdBwkYVhUSNzwIehHhEDzBmBgNVHSME
XzBdgBS58EWwgNdBwkYVhUSNzwIehHhED6E6pDgwNjELMAkGA1UEBhMCU0UxEDAO
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMYIJAKjMYS/6EOLd
MAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQMvADAsAhRZPKbqMYDATJasRcXQfEh5
8oHCywIUGZ0h6FqSvPgpkZ7hoU+ZEFJ/D88=
-----END CERTIFICATE-----
-----BEGIN EC PRIVATE KEY-----
MFACAQEEFHegiSlX0311KSBjNrbzq6HrKjkYoAcGBSuBBAAIoSwDKgAEjB6JBdd2
gla5YTEq/VYKH4+5aDNmu2a1N4fP49Z/3DtuHHsjfw6bDg==
-----END EC PRIVATE KEY-----

View File

@@ -1,9 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIBIDCB4AIJAN1XzNknE3lDMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx
NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI
ZWltZGFsMQ8wDQYDVQQDEwZDbGllbnQwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAASA
oVzj3A0W1FaSmc0NwTRdX4A8eCbDb6pf07vMpUcOqvdXVGwWN3HhMAkGByqGSM49
BAEDMAAwLQIURJ9Jdesm0rqwpOAn8K23GdWlCkYCFQDmJtqiOLs4jjUUP6T7O17M
Iwyrvg==
-----END CERTIFICATE-----

View File

@@ -1,4 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
MFACAQEEFNz0QJPbDlTBMSOfUoxNSzOOpRKyoAcGBSuBBAAeoSwDKgAEgKFc49wN
FtRWkpnNDcE0XV+APHgmw2+qX9O7zKVHDqr3V1RsFjdx4Q==
-----END EC PRIVATE KEY-----

View File

@@ -1,15 +0,0 @@
issuer= /C=SE/O=Heimdal/CN=CA secp160r1
subject= /C=SE/O=Heimdal/CN=Client
-----BEGIN CERTIFICATE-----
MIIBIDCB4AIJAN1XzNknE3lDMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx
NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI
ZWltZGFsMQ8wDQYDVQQDEwZDbGllbnQwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAASA
oVzj3A0W1FaSmc0NwTRdX4A8eCbDb6pf07vMpUcOqvdXVGwWN3HhMAkGByqGSM49
BAEDMAAwLQIURJ9Jdesm0rqwpOAn8K23GdWlCkYCFQDmJtqiOLs4jjUUP6T7O17M
Iwyrvg==
-----END CERTIFICATE-----
-----BEGIN EC PRIVATE KEY-----
MFACAQEEFNz0QJPbDlTBMSOfUoxNSzOOpRKyoAcGBSuBBAAeoSwDKgAEgKFc49wN
FtRWkpnNDcE0XV+APHgmw2+qX9O7zKVHDqr3V1RsFjdx4Q==
-----END EC PRIVATE KEY-----

View File

@@ -1,9 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIBIDCB4AIJAN1XzNknE3lCMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx
NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI
ZWltZGFsMQ8wDQYDVQQDEwZTZXJ2ZXIwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAARA
IUAwnwABnZAs378hcEgnk8efxE35RF6B+MmxSq1Twhp2C1ophD6yMAkGByqGSM49
BAEDMAAwLQIVAO0hl59KWXRMBaJ2iKsiu/j73/bPAhRfsTT6SIBL5+3gjLhl7SqK
1kTMQw==
-----END CERTIFICATE-----

View File

@@ -1,4 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
MFACAQEEFBR1r2nPL1Ln1U5Nk1kW9XtNEkk1oAcGBSuBBAAeoSwDKgAEQCFAMJ8A
AZ2QLN+/IXBIJ5PHn8RN+URegfjJsUqtU8IadgtaKYQ+sg==
-----END EC PRIVATE KEY-----

View File

@@ -1,15 +0,0 @@
issuer= /C=SE/O=Heimdal/CN=CA secp160r1
subject= /C=SE/O=Heimdal/CN=Server
-----BEGIN CERTIFICATE-----
MIIBIDCB4AIJAN1XzNknE3lCMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx
NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI
ZWltZGFsMQ8wDQYDVQQDEwZTZXJ2ZXIwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAARA
IUAwnwABnZAs378hcEgnk8efxE35RF6B+MmxSq1Twhp2C1ophD6yMAkGByqGSM49
BAEDMAAwLQIVAO0hl59KWXRMBaJ2iKsiu/j73/bPAhRfsTT6SIBL5+3gjLhl7SqK
1kTMQw==
-----END CERTIFICATE-----
-----BEGIN EC PRIVATE KEY-----
MFACAQEEFBR1r2nPL1Ln1U5Nk1kW9XtNEkk1oAcGBSuBBAAeoSwDKgAEQCFAMJ8A
AZ2QLN+/IXBIJ5PHn8RN+URegfjJsUqtU8IadgtaKYQ+sg==
-----END EC PRIVATE KEY-----

View File

@@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBuDCCAV6gAwIBAgIBATAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
NDAyM1oXDTM4MDExNzE5NDAyM1owNjELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
aW1kYWwxFTATBgNVBAMTDENBIHNlY3AyNTZyMTBZMBMGByqGSM49AgEGCCqGSM49
AwEHA0IABOUrhSvioYJaKUK9WjI5eGRAWsOB2DNslTkcgTkFsd3vD4/dGxaHBOIM
kuD9ldGK2sQArEIDKfrOHvP+oFz3jLajXTBbMB0GA1UdDgQWBBTrUd8AqGhfZvHV
spcznXeb328JgzAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAMBgNV
HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNIADBFAiBd6J2N4B6L
mtn0ZP/6vOyPkA7YMq2EwbVyTGlnBTwYsQIhALjsLWHQVSkt08rly48ns93DeSbM
XejBzmT8QXEdib+1
-----END CERTIFICATE-----

View File

@@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgL2N0gdHhAjBGcJ40
gHePPMwGKygIVDXTfjysn9zPiSOhRANCAATlK4Ur4qGCWilCvVoyOXhkQFrDgdgz
bJU5HIE5BbHd7w+P3RsWhwTiDJLg/ZXRitrEAKxCAyn6zh7z/qBc94y2
-----END PRIVATE KEY-----

View File

@@ -0,0 +1,17 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgL2N0gdHhAjBGcJ40
gHePPMwGKygIVDXTfjysn9zPiSOhRANCAATlK4Ur4qGCWilCvVoyOXhkQFrDgdgz
bJU5HIE5BbHd7w+P3RsWhwTiDJLg/ZXRitrEAKxCAyn6zh7z/qBc94y2
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIBuDCCAV6gAwIBAgIBATAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
NDAyM1oXDTM4MDExNzE5NDAyM1owNjELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
aW1kYWwxFTATBgNVBAMTDENBIHNlY3AyNTZyMTBZMBMGByqGSM49AgEGCCqGSM49
AwEHA0IABOUrhSvioYJaKUK9WjI5eGRAWsOB2DNslTkcgTkFsd3vD4/dGxaHBOIM
kuD9ldGK2sQArEIDKfrOHvP+oFz3jLajXTBbMB0GA1UdDgQWBBTrUd8AqGhfZvHV
spcznXeb328JgzAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAMBgNV
HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNIADBFAiBd6J2N4B6L
mtn0ZP/6vOyPkA7YMq2EwbVyTGlnBTwYsQIhALjsLWHQVSkt08rly48ns93DeSbM
XejBzmT8QXEdib+1
-----END CERTIFICATE-----

View File

@@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBrzCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
aW1kYWwxDzANBgNVBAMTBkNsaWVudDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
BO7/MCIBHf8gQLQ5ltp1uyCOCAw8uylZZ7+v/rB3oKHuAIyL6q/QjZXZH3FR5VcI
zANavN5SAfx9CFJpPk+pUISjWjBYMB0GA1UdDgQWBBSjXg4X3fs5xOQgTumjZQwF
I13RejAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA
MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNIADBFAiAa9d6aCxlioep3ViYqujWv
A28/16yXOrmLY1a2wcj3awIhAMeVjMiUTP/U4yXfb3uJjJmq8hfyNZ/CAiTQKORx
JjIt
-----END CERTIFICATE-----

View File

@@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg6oD5CbNzN7oAWqcq
dKJKw2WU5EwnUV05+7S9gXgeW/qhRANCAATu/zAiAR3/IEC0OZbadbsgjggMPLsp
WWe/r/6wd6Ch7gCMi+qv0I2V2R9xUeVXCMwDWrzeUgH8fQhSaT5PqVCE
-----END PRIVATE KEY-----

View File

@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIIBrzCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
aW1kYWwxDzANBgNVBAMTBkNsaWVudDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
BO7/MCIBHf8gQLQ5ltp1uyCOCAw8uylZZ7+v/rB3oKHuAIyL6q/QjZXZH3FR5VcI
zANavN5SAfx9CFJpPk+pUISjWjBYMB0GA1UdDgQWBBSjXg4X3fs5xOQgTumjZQwF
I13RejAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA
MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNIADBFAiAa9d6aCxlioep3ViYqujWv
A28/16yXOrmLY1a2wcj3awIhAMeVjMiUTP/U4yXfb3uJjJmq8hfyNZ/CAiTQKORx
JjIt
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg6oD5CbNzN7oAWqcq
dKJKw2WU5EwnUV05+7S9gXgeW/qhRANCAATu/zAiAR3/IEC0OZbadbsgjggMPLsp
WWe/r/6wd6Ch7gCMi+qv0I2V2R9xUeVXCMwDWrzeUgH8fQhSaT5PqVCE
-----END PRIVATE KEY-----

View File

@@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBsDCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
aW1kYWwxDzANBgNVBAMTBlNlcnZlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
BItZgn1C8ZBvKkkNoEofWL0JLCTaHT2lJj7d9jRtSKiR2PlOtd5HhteDqP78K4eg
lRMk5nqsmEooalfbNsFBy8SjWjBYMB0GA1UdDgQWBBTqMDTOezcRsax6lf6E/Xk+
QzPorjAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA
MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNJADBGAiEAsvf//YdUWCD6OLZesENa
1mH8+b+kZDR6jx1JchRXAEQCIQDkTvTZrlmmxUaWEsf08/4xbxkYbrPAg4+VX2uI
QcEwUA==
-----END CERTIFICATE-----

View File

@@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgKo/47DaveCl90GxH
LCE7IGBua2XsE+jI4RUWZrqjhBGhRANCAASLWYJ9QvGQbypJDaBKH1i9CSwk2h09
pSY+3fY0bUiokdj5TrXeR4bXg6j+/CuHoJUTJOZ6rJhKKGpX2zbBQcvE
-----END PRIVATE KEY-----

View File

@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIIBsDCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
aW1kYWwxDzANBgNVBAMTBlNlcnZlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
BItZgn1C8ZBvKkkNoEofWL0JLCTaHT2lJj7d9jRtSKiR2PlOtd5HhteDqP78K4eg
lRMk5nqsmEooalfbNsFBy8SjWjBYMB0GA1UdDgQWBBTqMDTOezcRsax6lf6E/Xk+
QzPorjAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA
MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNJADBGAiEAsvf//YdUWCD6OLZesENa
1mH8+b+kZDR6jx1JchRXAEQCIQDkTvTZrlmmxUaWEsf08/4xbxkYbrPAg4+VX2uI
QcEwUA==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgKo/47DaveCl90GxH
LCE7IGBua2XsE+jI4RUWZrqjhBGhRANCAASLWYJ9QvGQbypJDaBKH1i9CSwk2h09
pSY+3fY0bUiokdj5TrXeR4bXg6j+/CuHoJUTJOZ6rJhKKGpX2zbBQcvE
-----END PRIVATE KEY-----

View File

@@ -192,13 +192,13 @@ if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then
else
echo "eccert -> root"
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/secp160r2TestServer.cert.pem \
anchor:FILE:$srcdir/data/secp160r1TestCA.cert.pem > /dev/null || exit 1
cert:FILE:$srcdir/data/secp256r2TestServer.cert.pem \
anchor:FILE:$srcdir/data/secp256r1TestCA.cert.pem > /dev/null || exit 1
echo "eccert -> root"
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/secp160r2TestClient.cert.pem \
anchor:FILE:$srcdir/data/secp160r1TestCA.cert.pem > /dev/null || exit 1
cert:FILE:$srcdir/data/secp256r2TestClient.cert.pem \
anchor:FILE:$srcdir/data/secp256r1TestCA.cert.pem > /dev/null || exit 1
fi
echo "proxy cert"

View File

@@ -53,15 +53,15 @@ if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then
else
echo "create signed data (ec)"
${hxtool} cms-create-sd \
--certificate=FILE:$srcdir/data/secp160r2TestClient.pem \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
--certificate=FILE:$srcdir/data/secp256r2TestClient.pem \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
echo "verify signed data (ec)"
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/secp160r1TestCA.cert.pem \
sd.data sd.data.out > /dev/null || exit 1
--missing-revoke \
--anchors=FILE:$srcdir/data/secp256r1TestCA.cert.pem \
sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
fi