#! /usr/bin/env perl
-# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
my $dummycnf = srctop_file("apps", "openssl.cnf");
+my $cnf = srctop_file("test", "ca-and-certs.cnf");
my $CAkey = "keyCA.ss";
my $CAcert="certCA.ss";
my $CAserial="certCA.srl";
my $CAreq="reqCA.ss";
-my $CAconf=srctop_file("test","CAss.cnf");
my $CAreq2="req2CA.ss"; # temp
-
-my $Uconf=srctop_file("test","Uss.cnf");
my $Ukey="keyU.ss";
my $Ureq="reqU.ss";
my $Ucert="certU.ss";
SKIP: {
req( 'make cert request',
- qw(-new),
- -config => $CAconf,
+ qw(-new -section userreq),
+ -config => $cnf,
-out => $CAreq,
-keyout => $CAkey );
skip 'failure', 8 unless
x509( 'convert request into self-signed cert',
- qw(-req -CAcreateserial),
+ qw(-req -CAcreateserial -days 30),
+ qw(-extensions v3_ca),
-in => $CAreq,
-out => $CAcert,
-signkey => $CAkey,
- -days => 30,
- -extfile => $CAconf,
- -extensions => 'v3_ca' );
+ -extfile => $cnf );
skip 'failure', 7 unless
x509( 'convert cert into a cert request',
skip 'failure', 6 unless
req( 'verify request 1',
- qw(-verify -noout),
+ qw(-verify -noout -section userreq),
-config => $dummycnf,
-in => $CAreq );
skip 'failure', 5 unless
req( 'verify request 2',
- qw(-verify -noout),
+ qw(-verify -noout -section userreq),
-config => $dummycnf,
-in => $CAreq2 );
skip 'failure', 3 unless
req( 'make a user cert request',
- qw(-new),
- -config => $Uconf,
+ qw(-new -section userreq),
+ -config => $cnf,
-out => $Ureq,
-keyout => $Ukey );
skip 'failure', 2 unless
x509( 'sign user cert request',
- qw(-req -CAcreateserial),
+ qw(-req -CAcreateserial -days 30 -extensions v3_ee),
-in => $Ureq,
-out => $Ucert,
-CA => $CAcert,
-CAkey => $CAkey,
-CAserial => $CAserial,
- -days => 30,
- -extfile => $Uconf,
- -extensions => 'v3_ee' )
+ -extfile => $cnf )
&& verify( undef,
-CAstore => $CAcert,
$Ucert );
skip 'failure', 0 unless
x509( 'Certificate details',
- qw( -subject -issuer -startdate -enddate -noout),
+ qw(-subject -issuer -startdate -enddate -noout),
-in => $Ucert );
}