oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Use P-256 for EC tests

Browse Source 
Fedora/RedHat OpenSSL supports only P-256, P-384 and P-521.

The new mkcert.sh script can create updated certs when these
expire on Jan 17th 2038.
This commit is contained in:
Viktor Dukhovni
2014-03-04 23:42:19 +00:00
committed by Viktor Dukhovni
parent 6bfcd13506
commit 46e0bd3c68
22 changed files with 205 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/hx509/test_cms.in
View File

@@ -53,15 +53,15 @@ if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then
else
echo "create signed data (ec)"
${hxtool} cms-create-sd \
--certificate=FILE:$srcdir/data/secp160r2TestClient.pem \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
--certificate=FILE:$srcdir/data/secp256r2TestClient.pem \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
echo "verify signed data (ec)"
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/secp160r1TestCA.cert.pem \
sd.data sd.data.out > /dev/null || exit 1
--missing-revoke \
--anchors=FILE:$srcdir/data/secp256r1TestCA.cert.pem \
sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
fi