mirror of
https://github.com/openssl/openssl.git
synced 2024-12-27 06:21:43 +08:00
cf8422480a
Add a test to exercise the use of s_server with "-cert_chain" to construct an ocsp request. This new functionality was added in PR #22192. Testing: make V=1 TESTS='test_ocsp_cert_chain' test Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23101)
101 lines
2.4 KiB
Bash
Executable File
101 lines
2.4 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
opensslcmd() {
|
|
LD_LIBRARY_PATH=../.. ../../apps/openssl $@
|
|
}
|
|
|
|
# report the openssl version
|
|
opensslcmd version
|
|
|
|
echo "Creating private keys and certs..."
|
|
|
|
#####
|
|
|
|
# root CA private key
|
|
opensslcmd genpkey \
|
|
-algorithm EC \
|
|
-pkeyopt ec_paramgen_curve:secp521r1 \
|
|
-pkeyopt ec_param_enc:named_curve \
|
|
-out root-key.pem
|
|
|
|
# root CA certificate (self-signed)
|
|
opensslcmd req \
|
|
-config ca.cnf \
|
|
-x509 \
|
|
-days 3650 \
|
|
-key root-key.pem \
|
|
-subj /CN=TestRootCA \
|
|
-out root-cert.pem
|
|
#####
|
|
|
|
# intermediate CA private key
|
|
opensslcmd genpkey \
|
|
-algorithm EC \
|
|
-pkeyopt ec_paramgen_curve:secp384r1 \
|
|
-pkeyopt ec_param_enc:named_curve \
|
|
-out intermediate-key.pem
|
|
|
|
# intermediate CA certificate-signing-request
|
|
opensslcmd req \
|
|
-config ca.cnf \
|
|
-new \
|
|
-key intermediate-key.pem \
|
|
-subj /CN=TestIntermediateCA \
|
|
-out intermediate-csr.pem
|
|
|
|
# intermediate CA certificate (signed by root CA)
|
|
opensslcmd req \
|
|
-config ca.cnf \
|
|
-x509 \
|
|
-days 1825 \
|
|
-CA root-cert.pem \
|
|
-CAkey root-key.pem \
|
|
-in intermediate-csr.pem \
|
|
-copy_extensions copyall \
|
|
-out intermediate-cert.pem
|
|
#####
|
|
|
|
# server key
|
|
opensslcmd genpkey \
|
|
-algorithm EC \
|
|
-pkeyopt ec_paramgen_curve:prime256v1 \
|
|
-pkeyopt ec_param_enc:named_curve \
|
|
-out server-key.pem
|
|
|
|
# server certificate-signing-request
|
|
opensslcmd req \
|
|
-config ca.cnf \
|
|
-extensions usr_cert \
|
|
-new \
|
|
-key server-key.pem \
|
|
-subj /CN=TestServerCA \
|
|
-out server-csr.pem
|
|
|
|
# server certificate (signed by intermediate CA)
|
|
opensslcmd req \
|
|
-config ca.cnf \
|
|
-extensions usr_cert \
|
|
-x509 \
|
|
-days 365 \
|
|
-CA intermediate-cert.pem \
|
|
-CAkey intermediate-key.pem \
|
|
-in server-csr.pem \
|
|
-copy_extensions copyall \
|
|
-out server-cert.pem
|
|
#####
|
|
|
|
rm -f index.txt index.txt.attr
|
|
echo -n > index.txt
|
|
opensslcmd ca \
|
|
-config ca.cnf \
|
|
-valid server-cert.pem \
|
|
-keyfile intermediate-key.pem \
|
|
-cert intermediate-cert.pem
|
|
rm -f index.txt.old
|
|
#####
|
|
|
|
cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem
|
|
cat intermediate-cert.pem intermediate-key.pem > ocsp.pem
|
|
|
|
echo "Done."
|