Start each regress run from scratch with new keys and CA database.

1 files changed, 17 insertions, 12 deletions

diff --git a/src/regress/lib/libcrypto/CA/Makefile b/src/regress/lib/libcrypto/CA/Makefile
index 3e445d2de0..3616b132bf 100644
--- a/src/regress/lib/libcrypto/CA/Makefile
+++ b/src/regress/lib/libcrypto/CA/Makefile
@@ -1,7 +1,10 @@
-#       $OpenBSD: Makefile,v 1.2 2020/12/26 00:48:56 bluhm Exp $
+#       $OpenBSD: Makefile,v 1.3 2020/12/26 14:42:09 bluhm Exp $
 
 CLEANFILES +=   *.pem *.serial *.txt *.attr *.old
 
+# Start each regress run from scratch with new keys and CA database.
+REGRESS_SETUP_ONCE +=   clean
+
 REGRESS_SETUP_ONCE +=   root.serial intermediate.serial
 root.serial intermediate.serial:
         echo 1000 >$@
@@ -11,17 +14,18 @@ root.txt intermediate.txt:
         true >$@
 
 # Vanna Vanna make me a root cert
-root.key.pem:
+root.key.pem: stamp-clean
         # generate root rsa 4096 key
         openssl genrsa -out root.key.pem 4096
 
-root.cert.pem: root.cnf root.key.pem
-        # generate root req
+root.cert.pem: root.cnf root.key.pem \
+    stamp-root.serial stamp-root.txt
+        # generate root cert
         openssl req -batch -config ${.CURDIR}/root.cnf -key root.key.pem \
             -new -x509 -days 365 -sha256 -extensions v3_ca -out root.cert.pem
 
 # Make intermediate
-intermediate.key.pem:
+intermediate.key.pem: stamp-clean
         # generate intermediate rsa 2048 key
         openssl genrsa -out intermediate.key.pem 2048
 
@@ -31,14 +35,15 @@ intermediate.csr.pem: intermediate.cnf intermediate.key.pem
           -key intermediate.key.pem -out intermediate.csr.pem
 
 # Sign intermediate
-intermediate.cert.pem:  root.cnf root.cert.pem intermediate.csr.pem
+intermediate.cert.pem: root.cnf root.cert.pem intermediate.csr.pem \
+    stamp-intermediate.serial stamp-intermediate.txt
         # sign intermediate
         openssl ca -batch -config ${.CURDIR}/root.cnf \
             -extensions v3_intermediate_ca -days 10 -notext -md sha256 \
             -in intermediate.csr.pem -out intermediate.cert.pem
 
 REGRESS_TARGETS +=      run-verify-intermediate
-# Verify Intermediate
+# Verify intermediate
 run-verify-intermediate: root.cert.pem intermediate.cert.pem
         # validate intermediate CA
         openssl verify -CAfile root.cert.pem intermediate.cert.pem
@@ -47,7 +52,7 @@ chain.pem: intermediate.cert.pem root.cert.pem
         cat intermediate.cert.pem root.cert.pem > chain.pem
 
 # Make a server certificate
-server.key.pem:
+server.key.pem: stamp-clean
         # genrsa server
         openssl genrsa -out server.key.pem 2048
 
@@ -65,7 +70,7 @@ server.cert.pem: intermediate.cnf intermediate.cert.pem server.csr.pem
             -in server.csr.pem -out server.cert.pem
 
 # Make a client certificate
-client.key.pem:
+client.key.pem: stamp-clean
         # genrsa client
         openssl genrsa -out client.key.pem 2048
 
@@ -76,20 +81,20 @@ client.csr.pem: intermediate.cnf intermediate.cert.pem client.key.pem
             -key client.key.pem -out client.csr.pem
 
 # Sign client key
-client.cert.pem: intermediate.cnf intermediate.txt client.csr.pem
+client.cert.pem: intermediate.cnf intermediate.cert.pem client.csr.pem
         # client sign
         openssl ca -batch -config ${.CURDIR}/intermediate.cnf \
             -extensions usr_cert -days 5 -notext -md sha256 \
             -in client.csr.pem -out client.cert.pem
 
 REGRESS_TARGETS +=      run-verify-server
-# Verify Intermediate
+# Verify server with intermediate
 run-verify-server: chain.pem server.cert.pem
         # validate server cert
         openssl verify -purpose sslserver -CAfile chain.pem server.cert.pem
 
 REGRESS_TARGETS +=      run-verify-client
-# Verify Intermediate
+# Verify client with intermediate
 run-verify-client: chain.pem client.cert.pem
         # validate client cert
         openssl verify -purpose sslclient -CAfile chain.pem client.cert.pem