diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-12-11 16:39:56 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-12-11 16:39:56 +0000 |
commit | eb8ebafe87808eeee37d39619507bf300ea409e5 (patch) | |
tree | 31b51276883de2ad788c60d782995979528ebd15 /test | |
parent | e559febaf11521b049dba86952640e4de03da1b6 (diff) |
detect and use older PKITS data
Diffstat (limited to 'test')
-rw-r--r-- | test/pkits-test.pl | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/test/pkits-test.pl b/test/pkits-test.pl index 3f8579372b..5c6b89fcdb 100644 --- a/test/pkits-test.pl +++ b/test/pkits-test.pl @@ -784,8 +784,15 @@ my $ossl = "ossl/apps/openssl"; my $ossl_cmd = "$ossl_path cms -verify -verify_retcode "; $ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict "; -# Uncomment out following line to use older data (uses Dec 10 00:29:26 2010) -# $ossl_cmd .= "-attime 1291940972 "; + +# Check for expiry of trust anchor +system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0"; +if ($? == 256) + { + print STDERR "WARNING: using older expired data\n"; + $ossl_cmd .= "-attime 1291940972 "; + } + $ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 "; system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem"; |