projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add tests for non-ca trusted roots and intermediates
[openssl.git] / test / certs / setup.sh
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index 7de6a0e769cada792a2ca9e49f63e30c76339205..8cf27eebf502bb7c26140d7379a14ae116807e84 100755 (executable)
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -27,6 +27,10 @@ openssl x509 -in root-cert2.pem -trustout \
     -addreject serverAuth -out root2-serverAuth.pem
 openssl x509 -in root-cert2.pem -trustout \
     -addtrust clientAuth -out root2+clientAuth.pem
+openssl x509 -in root-nonca.pem -trustout \
+    -addtrust serverAuth -out nroot+serverAuth.pem
+openssl x509 -in root-nonca.pem -trustout \
+    -addtrust anyExtendedKeyUsage -out nroot+anyEKU.pem
 
 # primary client-EKU root: croot-cert
 # trust variants: +serverAuth -serverAuth +clientAuth +anyEKU -anyEKU
@@ -87,6 +91,10 @@ openssl x509 -in ca-cert.pem -trustout \
     -addreject anyExtendedKeyUsage -out ca-anyEKU.pem
 openssl x509 -in ca-cert.pem -trustout \
     -addtrust anyExtendedKeyUsage -out ca+anyEKU.pem
+openssl x509 -in ca-nonca.pem -trustout \
+    -addtrust serverAuth -out nca+serverAuth.pem
+openssl x509 -in ca-nonca.pem -trustout \
+    -addtrust serverAuth -out nca+anyEKU.pem
 
 # client intermediate ca: cca-cert
 # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth
Unnamed repository; edit this file 'description' to name the repository.