Add a PKCS12 test to check with one input cert we get one output cert

Following on from the regression in issue #15983, add a test that with
one input cert, we get one cert in the pkcs12 file, and that it has the
expected friendlyName.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16001)

diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t
index 52c70cb0f7760778a8bde146f6a79f736aaf5f50..1f0cb4d5014881a570eedab3071e6688dad03861 100644 (file)
--- a/test/recipes/80-test_pkcs12.t
+++ b/test/recipes/80-test_pkcs12.t
@@ -54,7 +54,7 @@ if (eval { require Win32::API; 1; }) {
 }
 $ENV{OPENSSL_WIN32_UTF8}=1;
 
-plan tests => 10;
+plan tests => 13;
 
 # Test different PKCS#12 formats
 ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
@@ -79,6 +79,7 @@ my $outfile1 = "out1.p12";
 my $outfile2 = "out2.p12";
 my $outfile3 = "out3.p12";
 my $outfile4 = "out4.p12";
+my $outfile5 = "out5.p12";
 
 # Test the -chain option with -untrusted
 ok(run(app(["openssl", "pkcs12", "-export", "-chain",
@@ -133,5 +134,18 @@ ok(run(app(["openssl", "pkcs12",
             "-nomacver", "-nodes"])),
   "test_import_pkcs12_cert_key_cert");
 
+ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile5,
+            "-in", srctop_file(@path, "ee-cert.pem"), "-caname", "testname",
+            "-nokeys", "-passout", "pass:", "-certpbe", "NONE"])),
+   "test nokeys single cert");
+
+my @pkcs12info = run(app(["openssl", "pkcs12", "-info", "-in", $outfile5,
+                          "-passin", "pass:"]), capture => 1);
+
+# Test that with one input certificate, we get one output certificate
+ok(grep(/subject=CN = server.example/, @pkcs12info) == 1,
+   "test one cert in output");
+# Test that the expected friendly name is present in the output
+ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output");
 
 SetConsoleOutputCP($savedcp) if (defined($savedcp));