Tolerate a Certificate using a non-supported group on server side

[openssl.git] / test / recipes / 80-test_ca.t

diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
index 19567a1f32fcc6e8298e224ea7648f6e5d795a4c..557777e191aa2c70e7b57bf658fe12e563493504 100644 (file)
--- a/test/recipes/80-test_ca.t
+++ b/test/recipes/80-test_ca.t
@@ -13,6 +13,7 @@ use warnings;
 use POSIX;
 use File::Path 2.00 qw/rmtree/;
 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/;
+use OpenSSL::Test::Utils;
 
 setup("test_ca");
 
@@ -34,7 +35,7 @@ plan tests => 5;
         if !ok(run(perlapp(["CA.pl","-newreq"])),
                'creating certificate request');
 
-     $ENV{OPENSSL_CONFIG} = '-config "'.$std_openssl_cnf.'"';
+     $ENV{OPENSSL_CONFIG} = '-rand_serial -config "'.$std_openssl_cnf.'"';
      skip "failed to sign certificate request", 2
         if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0,
                'signing certificate request');
@@ -42,7 +43,10 @@ plan tests => 5;
      ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])),
         'verifying new certificate');
 
-     $ENV{OPENSSL_CONFIG} = "-config ".srctop_file("test", "Uss.cnf");
+     skip "CT not configured, can't use -precert", 1
+         if disabled("ct");
+
+     $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
      ok(run(perlapp(["CA.pl", "-precert"], stderr => undef)),
         'creating new pre-certificate');
 }