authorinoguchi <>2020-05-18 11:42:34 +0000
committerinoguchi <>2020-05-18 11:42:34 +0000
commit0a9a6e4ba73f680e22dad2cd9d2d51f40988443f (patch)
treef2d59c824dac9c9c8cc4ce546a6c4be2adeaa58a /src
parent3f64337bd4976e6c77b4bad1903d910370470705 (diff)
Rename variables for key, csr, pass, cert
Diffstat (limited to 'src')
-rwxr-xr-xsrc/regress/usr.bin/openssl/appstest.sh170
1 files changed, 85 insertions, 85 deletions
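--- a/src/regress/usr.bin/openssl/appstest.sh
+++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $OpenBSD: appstest.sh,v 1.40 2020/05/17 08:14:26 inoguchi Exp $
+# $OpenBSD: appstest.sh,v 1.41 2020/05/18 11:42:34 inoguchi Exp $
 #
 # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
 #
@@ -693,9 +693,9 @@ __EOF__
 
  # RSA certificate
 
- server_key=$server_dir/server_key.pem
- server_csr=$server_dir/server_csr.pem
- server_pass=test-server-pass
+ sv_rsa_key=$server_dir/sv_rsa_key.pem
+ sv_rsa_csr=$server_dir/sv_rsa_csr.pem
+ sv_rsa_pass=test-server-pass
 
  if [ $mingw = 0 ] ; then
  subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=localhost.test_dummy.com/'
@@ -705,23 +705,23 @@ __EOF__
 
  start_message "genrsa ... generate server key#1"
 
- $openssl_bin genrsa -aes256 -passout pass:$server_pass -out $server_key
+ $openssl_bin genrsa -aes256 -passout pass:$sv_rsa_pass -out $sv_rsa_key
  check_exit_status $?
 
  start_message "req ... generate server csr#1"
 
  $openssl_bin req -new -subj $subj -sha256 \
- -key $server_key -keyform pem -passin pass:$server_pass \
+ -key $sv_rsa_key -keyform pem -passin pass:$sv_rsa_pass \
  -addext 'subjectAltName = DNS:localhost.test_dummy.com' \
- -out $server_csr -outform pem
+ -out $sv_rsa_csr -outform pem
  check_exit_status $?
 
  start_message "req ... verify server csr#1"
 
- $openssl_bin req -verify -in $server_csr -inform pem \
+ $openssl_bin req -verify -in $sv_rsa_csr -inform pem \
  -newhdr -noout -pubkey -subject -modulus -text \
  -nameopt multiline -reqopt compatible \
- -out $server_csr.verify.out
+ -out $sv_rsa_csr.verify.out
  check_exit_status $?
 
  start_message "req ... generate server csr#2 (interactive mode)"
@@ -743,9 +743,9 @@ __EOF__
 
  # ECDSA certificate
 
- ecdsa_key=$server_dir/ecdsa_key.pem
- ecdsa_csr=$server_dir/ecdsa_csr.pem
- ecdsa_pass=test-ecdsa-pass
+ sv_ecdsa_key=$server_dir/sv_ecdsa_key.pem
+ sv_ecdsa_csr=$server_dir/sv_ecdsa_csr.pem
+ sv_ecdsa_pass=test-ecdsa-pass
 
  if [ $mingw = 0 ] ; then
  subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=ecdsa.test_dummy.com/'
@@ -755,30 +755,30 @@ __EOF__
 
  start_message "ecparam ... generate server key#3"
 
- $openssl_bin ecparam -name prime256v1 -genkey -out $ecdsa_key
+ $openssl_bin ecparam -name prime256v1 -genkey -out $sv_ecdsa_key
  check_exit_status $?
 
  start_message "req ... generate server csr#3"
 
  $openssl_bin req -new -subj $subj -sha256 \
- -key $ecdsa_key -keyform pem -passin pass:$ecdsa_pass \
+ -key $sv_ecdsa_key -keyform pem -passin pass:$sv_ecdsa_pass \
  -addext 'subjectAltName = DNS:ecdsa.test_dummy.com' \
- -out $ecdsa_csr -outform pem
+ -out $sv_ecdsa_csr -outform pem
  check_exit_status $?
 
  start_message "req ... verify server csr#3"
 
- $openssl_bin req -verify -in $ecdsa_csr -inform pem \
+ $openssl_bin req -verify -in $sv_ecdsa_csr -inform pem \
  -newhdr -noout -pubkey -subject -modulus -text \
  -nameopt multiline -reqopt compatible \
- -out $ecdsa_csr.verify.out
+ -out $sv_ecdsa_csr.verify.out
  check_exit_status $?
 
  # GOST certificate
 
- gost_key=$server_dir/gost_key.pem
- gost_csr=$server_dir/gost_csr.pem
- gost_pass=test-gost-pass
+ sv_gost_key=$server_dir/sv_gost_key.pem
+ sv_gost_csr=$server_dir/sv_gost_csr.pem
+ sv_gost_pass=test-gost-pass
 
  if [ $mingw = 0 ] ; then
  subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=gost.test_dummy.com/'
@@ -789,23 +789,23 @@ __EOF__
  start_message "genpkey ... generate server key#4"
 
  $openssl_bin genpkey -algorithm GOST2001 -pkeyopt paramset:A \
- -pkeyopt dgst:streebog512 -out $gost_key
+ -pkeyopt dgst:streebog512 -out $sv_gost_key
  check_exit_status $?
 
  start_message "req ... generate server csr#4"
 
  $openssl_bin req -new -subj $subj -streebog512 \
- -key $gost_key -keyform pem -passin pass:$gost_pass \
+ -key $sv_gost_key -keyform pem -passin pass:$sv_gost_pass \
  -addext 'subjectAltName = DNS:gost.test_dummy.com' \
- -out $gost_csr -outform pem
+ -out $sv_gost_csr -outform pem
  check_exit_status $?
 
  start_message "req ... verify server csr#4"
 
- $openssl_bin req -verify -in $gost_csr -inform pem \
+ $openssl_bin req -verify -in $sv_gost_csr -inform pem \
  -newhdr -noout -pubkey -subject -modulus -text \
  -nameopt multiline -reqopt compatible \
- -out $gost_csr.verify.out
+ -out $sv_gost_csr.verify.out
  check_exit_status $?
 
  #---------#---------#---------#---------#---------#---------#---------
@@ -815,9 +815,9 @@ __EOF__
 
  start_message "ca ... issue cert for server csr#1"
 
- server_cert=$server_dir/server_cert.pem
+ sv_rsa_cert=$server_dir/sv_rsa_cert.pem
  $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
- -in $server_csr -out $server_cert > $server_cert.log 2>&1
+ -in $sv_rsa_csr -out $sv_rsa_cert > $sv_rsa_cert.log 2>&1
  check_exit_status $?
 
  start_message "x509 ... issue cert for server csr#2"
@@ -832,16 +832,16 @@ __EOF__
 
  start_message "ca ... issue cert for server csr#3"
 
- ecdsa_cert=$server_dir/ecdsa_cert.pem
+ sv_ecdsa_cert=$server_dir/sv_ecdsa_cert.pem
  $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
- -in $ecdsa_csr -out $ecdsa_cert > $ecdsa_cert.log 2>&1
+ -in $sv_ecdsa_csr -out $sv_ecdsa_cert > $sv_ecdsa_cert.log 2>&1
  check_exit_status $?
 
  start_message "ca ... issue cert for server csr#4"
 
- gost_cert=$server_dir/gost_cert.pem
+ sv_gost_cert=$server_dir/sv_gost_cert.pem
  $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
- -in $gost_csr -out $gost_cert > $gost_cert.log 2>&1
+ -in $sv_gost_csr -out $sv_gost_cert > $sv_gost_cert.log 2>&1
  check_exit_status $?
 
  #---------#---------#---------#---------#---------#---------#---------
@@ -879,22 +879,22 @@ __EOF__
  section_message "server-admin operations (check csr, verify cert, certhash)"
 
  start_message "asn1parse ... parse server csr#1"
- $openssl_bin asn1parse -in $server_csr -i -dlimit 100 -length 1000 \
- -strparse 01 > $server_csr.asn1parse.out
+ $openssl_bin asn1parse -in $sv_rsa_csr -i -dlimit 100 -length 1000 \
+ -strparse 01 > $sv_rsa_csr.asn1parse.out
  check_exit_status $?
 
  start_message "verify ... server cert#1"
  $openssl_bin verify -verbose -CAfile $ca_cert -CRLfile $crl_file \
- -crl_check -issuer_checks -purpose sslserver $server_cert
+ -crl_check -issuer_checks -purpose sslserver $sv_rsa_cert
  check_exit_status $?
 
  start_message "x509 ... get detail info about server cert#1"
- $openssl_bin x509 -in $server_cert -text -C -dates -startdate -enddate \
+ $openssl_bin x509 -in $sv_rsa_cert -text -C -dates -startdate -enddate \
  -fingerprint -issuer -issuer_hash -issuer_hash_old \
  -subject -hash -subject_hash -subject_hash_old -ocsp_uri \
  -ocspid -modulus -pubkey -serial -email -noout -trustout \
  -alias -clrtrust -clrreject -next_serial -checkend 3600 \
- -nameopt multiline -certopt compatible > $server_cert.x509.out
+ -nameopt multiline -certopt compatible > $sv_rsa_cert.x509.out
  check_exit_status $?
 
  if [ $mingw = 0 ] ; then
@@ -907,9 +907,9 @@ __EOF__
  # self signed
  start_message "x509 ... generate self signed server cert"
  server_self_cert=$server_dir/server_self_cert.pem
- $openssl_bin x509 -in $server_cert -signkey $server_key -keyform pem \
+ $openssl_bin x509 -in $sv_rsa_cert -signkey $sv_rsa_key -keyform pem \
  -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \
- -passin pass:$server_pass -out $server_self_cert -days 1
+ -passin pass:$sv_rsa_pass -out $server_self_cert -days 1
  check_exit_status $?
 
  #---------#---------#---------#---------#---------#---------#---------
@@ -970,9 +970,9 @@ __EOF__
 
  start_message "req ... generate private key and csr for user1"
 
- user1_key=$user1_dir/user1_key.pem
- user1_csr=$user1_dir/user1_csr.pem
- user1_pass=test-user1-pass
+ cl_rsa_key=$user1_dir/cl_rsa_key.pem
+ cl_rsa_csr=$user1_dir/cl_rsa_csr.pem
+ cl_rsa_pass=test-user1-pass
 
  if [ $mingw = 0 ] ; then
  subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user1.test_dummy.com/'
@@ -980,8 +980,8 @@ __EOF__
  subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user1.test_dummy.com\'
  fi
 
- $openssl_bin req -new -keyout $user1_key -out $user1_csr \
- -passout pass:$user1_pass -subj $subj > $user1_csr.log 2>&1
+ $openssl_bin req -new -keyout $cl_rsa_key -out $cl_rsa_csr \
+ -passout pass:$cl_rsa_pass -subj $subj > $cl_rsa_csr.log 2>&1
  check_exit_status $?
 
  #---------#---------#---------#---------#---------#---------#---------
@@ -991,9 +991,9 @@ __EOF__
 
  start_message "ca ... issue cert for user1"
 
- user1_cert=$user1_dir/user1_cert.pem
+ cl_rsa_cert=$user1_dir/cl_rsa_cert.pem
  $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
- -in $user1_csr -out $user1_cert > $user1_cert.log 2>&1
+ -in $cl_rsa_csr -out $cl_rsa_cert > $cl_rsa_cert.log 2>&1
  check_exit_status $?
 }
 
@@ -1072,9 +1072,9 @@ __EOF__
 
  $openssl_bin cms -sign -in $cms_txt -text \
  -out $cms_sig -outform smime \
- -signer $user1_cert -inkey $user1_key -keyform pem \
+ -signer $cl_rsa_cert -inkey $cl_rsa_key -keyform pem \
  -keyopt rsa_padding_mode:pss \
- -passin pass:$user1_pass -md sha256 \
+ -passin pass:$cl_rsa_pass -md sha256 \
  -from user1@test_dummy.com -to server@test_dummy.com \
  -subject "test openssl cms" \
  -receipt_request_from server@test_dummy.com \
@@ -1085,7 +1085,7 @@ __EOF__
  start_message "cms ... encrypt message"
 
  $openssl_bin cms -encrypt -aes256 -binary -in $cms_sig -inform smime \
- -recip $server_cert -keyopt rsa_padding_mode:oaep \
+ -recip $sv_rsa_cert -keyopt rsa_padding_mode:oaep \
  -out $cms_enc
  check_exit_status $?
 
@@ -1093,14 +1093,14 @@ __EOF__
  start_message "cms ... decrypt message"
 
  $openssl_bin cms -decrypt -in $cms_enc -out $cms_dec \
- -recip $server_cert -inkey $server_key -passin pass:$server_pass
+ -recip $sv_rsa_cert -inkey $sv_rsa_key -passin pass:$sv_rsa_pass
  check_exit_status $?
 
  # verify
  start_message "cms ... verify message"
 
  $openssl_bin cms -verify -in $cms_dec \
- -CAfile $ca_cert -certfile $user1_cert -nointern \
+ -CAfile $ca_cert -certfile $cl_rsa_cert -nointern \
  -check_ss_sig -issuer_checks -policy_check -x509_strict \
  -signer $cms_sgr -text -out $cms_ver -receipt_request_print \
  > $cms_ver.log 2>&1
@@ -1167,15 +1167,15 @@ __EOF__
  start_message "cms ... sign to receipt"
 
  $openssl_bin cms -sign_receipt -in $cms_sig -out $cms_srp \
- -signer $server_cert -inkey $server_key \
- -passin pass:$server_pass -md sha256
+ -signer $sv_rsa_cert -inkey $sv_rsa_key \
+ -passin pass:$sv_rsa_pass -md sha256
  check_exit_status $?
 
  # verify_receipt
  start_message "cms ... verify receipt"
 
  $openssl_bin cms -verify_receipt $cms_srp -rctform smime -in $cms_sig \
- -CAfile $ca_cert -certfile $server_cert
+ -CAfile $ca_cert -certfile $sv_rsa_cert
  check_exit_status $?
 
  # encrypt with pwri
@@ -1218,7 +1218,7 @@ __EOF__
  start_message "smime ... encrypt message"
 
  $openssl_bin smime -encrypt -aes256 -binary -in $smime_txt \
- -out $smime_enc $server_cert
+ -out $smime_enc $sv_rsa_cert
  check_exit_status $?
 
  # sign
@@ -1226,8 +1226,8 @@ __EOF__
 
  $openssl_bin smime -sign -in $smime_enc -text -inform smime \
  -out $smime_sig -outform smime \
- -signer $user1_cert -inkey $user1_key -keyform pem \
- -passin pass:$user1_pass -md sha256 \
+ -signer $cl_rsa_cert -inkey $cl_rsa_key -keyform pem \
+ -passin pass:$cl_rsa_pass -md sha256 \
  -from user1@test_dummy.com -to server@test_dummy.com \
  -subject "test openssl smime"
  check_exit_status $?
@@ -1242,7 +1242,7 @@ __EOF__
  start_message "smime ... verify message"
 
  $openssl_bin smime -verify -in $smime_sig \
- -CAfile $ca_cert -certfile $user1_cert -nointern \
+ -CAfile $ca_cert -certfile $cl_rsa_cert -nointern \
  -check_ss_sig -issuer_checks -policy_check -x509_strict \
  -signer $smime_sgr -text -out $smime_ver
  check_exit_status $?
@@ -1251,7 +1251,7 @@ __EOF__
  start_message "smime ... decrypt message"
 
  $openssl_bin smime -decrypt -in $smime_ver -out $smime_dec \
- -recip $server_cert -inkey $server_key -passin pass:$server_pass
+ -recip $sv_rsa_cert -inkey $sv_rsa_key -passin pass:$sv_rsa_pass
  check_exit_status $?
 
  diff $smime_dec $smime_txt
@@ -1263,19 +1263,19 @@ function test_ocsp {
  section_message "OCSP operations"
 
  # get key without pass
- user1_key_nopass=$user1_dir/user1_key_nopass.pem
- $openssl_bin pkey -in $user1_key -passin pass:$user1_pass \
- -out $user1_key_nopass
+ cl_rsa_key_nopass=$user1_dir/cl_rsa_key_nopass.pem
+ $openssl_bin pkey -in $cl_rsa_key -passin pass:$cl_rsa_pass \
+ -out $cl_rsa_key_nopass
  check_exit_status $?
 
  # request
  start_message "ocsp ... create OCSP request"
 
  ocsp_req=$user1_dir/ocsp_req.der
- $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
+ $openssl_bin ocsp -issuer $ca_cert -cert $sv_rsa_cert \
  -cert $revoke_cert -serial 1 -nonce -no_certs -CAfile $ca_cert \
- -signer $user1_cert -signkey $user1_key_nopass \
- -sign_other $user1_cert -sha256 \
+ -signer $cl_rsa_cert -signkey $cl_rsa_key_nopass \
+ -sign_other $cl_rsa_cert -sha256 \
  -reqout $ocsp_req -req_text -out $ocsp_req.out
  check_exit_status $?
 
@@ -1309,7 +1309,7 @@ function test_ocsp {
  start_message "ocsp ... send OCSP request to server"
 
  ocsp_qry=$user1_dir/ocsp_qry.der
- $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
+ $openssl_bin ocsp -issuer $ca_cert -cert $sv_rsa_cert \
  -cert $revoke_cert -CAfile $ca_cert -no_nonce \
  -url http://localhost:$ocsp_port -timeout 10 -text \
  -header Host localhost \
@@ -1337,34 +1337,34 @@ function test_pkcs {
  check_exit_status $?
 
  start_message "pkcs8 ... convert key to pkcs8"
- $openssl_bin pkcs8 -in $user1_key -topk8 -out $user1_key.p8 \
- -passin pass:$user1_pass -passout pass:$user1_pass \
+ $openssl_bin pkcs8 -in $cl_rsa_key -topk8 -out $cl_rsa_key.p8 \
+ -passin pass:$cl_rsa_pass -passout pass:$cl_rsa_pass \
  -v1 pbeWithSHA1AndDES-CBC -v2 des3
  check_exit_status $?
 
  start_message "pkcs8 ... convert pkcs8 to key in DER format"
- $openssl_bin pkcs8 -in $user1_key.p8 -passin pass:$user1_pass \
- -outform DER -out $user1_key.p8.der
+ $openssl_bin pkcs8 -in $cl_rsa_key.p8 -passin pass:$cl_rsa_pass \
+ -outform DER -out $cl_rsa_key.p8.der
  check_exit_status $?
 
  start_message "pkcs12 ... create"
- $openssl_bin pkcs12 -export -in $server_cert -inkey $server_key \
- -passin pass:$server_pass -certfile $ca_cert -CAfile $ca_cert \
+ $openssl_bin pkcs12 -export -in $sv_rsa_cert -inkey $sv_rsa_key \
+ -passin pass:$sv_rsa_pass -certfile $ca_cert -CAfile $ca_cert \
  -caname "caname_server_p12" \
  -certpbe AES-256-CBC -keypbe AES-256-CBC -chain \
  -name "name_server_p12" -des3 -maciter -macalg sha256 \
  -CSP "csp_server_p12" -LMK -keyex \
- -passout pass:$pkcs_pass -out $server_cert.p12
+ -passout pass:$pkcs_pass -out $sv_rsa_cert.p12
  check_exit_status $?
 
  start_message "pkcs12 ... verify"
- $openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass -info \
- -noout > $server_cert.p12.log 2>&1
+ $openssl_bin pkcs12 -in $sv_rsa_cert.p12 -passin pass:$pkcs_pass -info \
+ -noout > $sv_rsa_cert.p12.log 2>&1
  check_exit_status $?
 
  start_message "pkcs12 ... private key to PEM without encryption"
- $openssl_bin pkcs12 -in $server_cert.p12 -password pass:$pkcs_pass \
- -nocerts -nomacver -nodes -out $server_cert.p12.pem
+ $openssl_bin pkcs12 -in $sv_rsa_cert.p12 -password pass:$pkcs_pass \
+ -nocerts -nomacver -nodes -out $sv_rsa_cert.p12.pem
  check_exit_status $?
 }
 
@@ -1579,19 +1579,19 @@ function test_server_client {
 
  if [ $ecdsa_tests = 1 ] ; then
  echo "Using ECDSA certificate"
- crt=$ecdsa_cert
- key=$ecdsa_key
- pwd=$ecdsa_pass
+ crt=$sv_ecdsa_cert
+ key=$sv_ecdsa_key
+ pwd=$sv_ecdsa_pass
  elif [ $gost_tests = 1 ] ; then
  echo "Using GOST certificate"
- crt=$gost_cert
- key=$gost_key
- pwd=$gost_pass
+ crt=$sv_gost_cert
+ key=$sv_gost_key
+ pwd=$sv_gost_pass
  else
  echo "Using RSA certificate"
- crt=$server_cert
- key=$server_key
- pwd=$server_pass
+ crt=$sv_rsa_cert
+ key=$sv_rsa_key
+ pwd=$sv_rsa_pass
  fi
 
  $s_bin version | grep 'OpenSSL 1.1.1' > /dev/null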