author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-28 03:01:45 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-31 21:23:23 -0500 |
commit | 0daccd4dc1f1ac62181738a91714f35472e50f3c (patch) | |
tree | 5b7c2b6c5db0c2caf223ea978db03559b5eb90f8 /test/certs/setup.sh | |
parent | 1b4cf96f9b82ec3b06e7902bb21620a09cadd94e (diff) |
Check chain extensions also for trusted certificates
This includes basic constraints, key usages, issuer EKUs and auxiliary
trust OIDs (given a trust suitably related to the intended purpose).
Added tests and updated documentation.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'test/certs/setup.sh')
-rwxr-xr-x | test/certs/setup.sh | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/test/certs/setup.sh b/test/certs/setup.sh index b50f7e3015..795ff4aa0f 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -2,7 +2,7 @@ # Primary root: root-cert # root certs variants: CA:false, key2, DN2 -# trust variants: +serverAuth -serverAuth +clientAuth +# trust variants: +serverAuth -serverAuth +clientAuth +anyEKU -anyEKU # ./mkcert.sh genroot "Root CA" root-key root-cert ./mkcert.sh genss "Root CA" root-key root-nonca @@ -15,6 +15,16 @@ openssl x509 -in root-cert.pem -trustout \ -addreject serverAuth -out root-serverAuth.pem openssl x509 -in root-cert.pem -trustout \ -addtrust clientAuth -out root+clientAuth.pem +openssl x509 -in root-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out root-anyEKU.pem +openssl x509 -in root-cert.pem -trustout \ + -addtrust anyExtendedKeyUsage -out root+anyEKU.pem +openssl x509 -in root-cert2.pem -trustout \ + -addtrust serverAuth -out root2+serverAuth.pem +openssl x509 -in root-cert2.pem -trustout \ + -addreject serverAuth -out root2-serverAuth.pem +openssl x509 -in root-cert2.pem -trustout \ + -addtrust clientAuth -out root2+clientAuth.pem # Primary intermediate ca: ca-cert # ca variants: CA:false, key2, DN2, issuer2, expired |
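Review bot: The updated "# trust variants:" comment in the first hunk (@@ -2,7 +2,7) picks up +anyEKU and -anyEKU but says nothing about the root2+serverAuth.pem, root2-serverAuth.pem and root2+clientAuth.pem files that the same patch starts generating from root-cert2.pem. Consider listing the root2 trust variants in this header as well, or adding a short comment next to the commands that create them, so a reader of the fixtures can tell which root each trust file wraps.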
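Review bot: In the second hunk (@@ -15,6 +15,16), the three added commands starting "openssl x509 -in root-cert2.pem -trustout" depend on a file whose creation is not in the visible context, which shows only root-cert and root-nonca being generated. Please confirm root-cert2.pem is produced earlier in the script, since otherwise these calls fail and the root2 trust files are missing when the tests run. The coverage is also asymmetric in the visible lines: root-cert gets +anyEKU and -anyEKU variants while root-cert2 gets neither, and no -clientAuth reject variant is added for either root. If that is deliberate, a one-line comment naming the test cases these files serve would make it clear.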