1 files changed, 75 insertions, 11 deletions
diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
index 8d3557f356..1a426857d3 100644
--- a/src/lib/libssl/test/testss
+++ b/src/lib/libssl/test/testss
@@ -1,9 +1,9 @@
 #!/bin/sh
-digest='-md5'
+digest='-sha1'
-reqcmd="../apps/openssl req"
+reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
-x509cmd="../apps/openssl x509 $digest"
+x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
-verifycmd="../apps/openssl verify"
+verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
 dummycnf="../apps/openssl.cnf"
 CAkey="keyCA.ss"
@@ -17,12 +17,24 @@ Ukey="keyU.ss"
 Ureq="reqU.ss"
 Ucert="certU.ss"
+P1conf="P1ss.cnf"
+P1key="keyP1.ss"
+P1req="reqP1.ss"
+P1cert="certP1.ss"
+P1intermediate="tmp_intP1.ss"
+P2conf="P2ss.cnf"
+P2key="keyP2.ss"
+P2req="reqP2.ss"
+P2cert="certP2.ss"
+P2intermediate="tmp_intP2.ss"
 echo
 echo "make a certificate request using 'req'"
 echo "string to make the random number generator think it has entropy" >> ./.rnd
-if ../apps/openssl no-rsa; then
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  req_new='-newkey dsa:../apps/dsa512.pem'
 else
  req_new='-new'
@@ -35,7 +47,7 @@ if [ $? != 0 ]; then
 fi
 echo
 echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >err.ss
+$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
 if [ $? != 0 ]; then
        echo "error using 'x509' to self sign a certificate request"
        exit 1
@@ -68,18 +80,18 @@ if [ $? != 0 ]; then
 fi
 echo
-echo "make another certificate request using 'req'"
+echo "make a user certificate request using 'req'"
 $reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
 if [ $? != 0 ]; then
-        echo "error using 'req' to generate a certificate request"
+        echo "error using 'req' to generate a user certificate request"
        exit 1
 fi
 echo
-echo "sign certificate request with the just created CA via 'x509'"
+echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey >err.ss
+$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
 if [ $? != 0 ]; then
-        echo "error using 'x509' to sign a certificate request"
+        echo "error using 'x509' to sign a user certificate request"
        exit 1
 fi
@@ -89,11 +101,63 @@ echo "Certificate details"
 $x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
 echo
+echo "make a proxy certificate request using 'req'"
+$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'req' to generate a proxy certificate request"
+        exit 1
+fi
+echo
+echo "sign proxy certificate request with the just created user certificate via 'x509'"
+$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'x509' to sign a proxy certificate request"
+        exit 1
+fi
+cat $Ucert > $P1intermediate
+$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
+echo
+echo "Certificate details"
+$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
+echo
+echo "make another proxy certificate request using 'req'"
+$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'req' to generate another proxy certificate request"
+        exit 1
+fi
+echo
+echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
+$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
+if [ $? != 0 ]; then
+        echo "error using 'x509' to sign a second proxy certificate request"
+        exit 1
+fi
+cat $Ucert $P1cert > $P2intermediate
+$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
+echo
+echo "Certificate details"
+$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
+echo
 echo The generated CA certificate is $CAcert
 echo The generated CA private key is $CAkey
 echo The generated user certificate is $Ucert
 echo The generated user private key is $Ukey
+echo The first generated proxy certificate is $P1cert
+echo The first generated proxy private key is $P1key
+echo The second generated proxy certificate is $P2cert
+echo The second generated proxy private key is $P2key
 /bin/rm err.ss
+#/bin/rm $P1intermediate
+#/bin/rm $P2intermediate
 exit 0

diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss index 8d3557f356..1a426857d3 100644 --- a/src/lib/libssl/test/testss +++ b/src/lib/libssl/test/testss
@@ -1,9 +1,9 @@
1	#!/bin/sh	1	#!/bin/sh
2		2
3	digest='-md5'	3	digest='-sha1'
4	reqcmd="../apps/openssl req"	4	reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
5	x509cmd="../apps/openssl x509 $digest"	5	x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
6	verifycmd="../apps/openssl verify"	6	verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
7	dummycnf="../apps/openssl.cnf"	7	dummycnf="../apps/openssl.cnf"
8		8
9	CAkey="keyCA.ss"	9	CAkey="keyCA.ss"
@@ -17,12 +17,24 @@ Ukey="keyU.ss"
17	Ureq="reqU.ss"	17	Ureq="reqU.ss"
18	Ucert="certU.ss"	18	Ucert="certU.ss"
19		19
		20	P1conf="P1ss.cnf"
		21	P1key="keyP1.ss"
		22	P1req="reqP1.ss"
		23	P1cert="certP1.ss"
		24	P1intermediate="tmp_intP1.ss"
		25
		26	P2conf="P2ss.cnf"
		27	P2key="keyP2.ss"
		28	P2req="reqP2.ss"
		29	P2cert="certP2.ss"
		30	P2intermediate="tmp_intP2.ss"
		31
20	echo	32	echo
21	echo "make a certificate request using 'req'"	33	echo "make a certificate request using 'req'"
22		34
23	echo "string to make the random number generator think it has entropy" >> ./.rnd	35	echo "string to make the random number generator think it has entropy" >> ./.rnd
24		36
25	if ../apps/openssl no-rsa; then	37	if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
26	req_new='-newkey dsa:../apps/dsa512.pem'	38	req_new='-newkey dsa:../apps/dsa512.pem'
27	else	39	else
28	req_new='-new'	40	req_new='-new'
@@ -35,7 +47,7 @@ if [ $? != 0 ]; then
35	fi	47	fi
36	echo	48	echo
37	echo "convert the certificate request into a self signed certificate using 'x509'"	49	echo "convert the certificate request into a self signed certificate using 'x509'"
38	$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >err.ss	50	$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
39	if [ $? != 0 ]; then	51	if [ $? != 0 ]; then
40	echo "error using 'x509' to self sign a certificate request"	52	echo "error using 'x509' to self sign a certificate request"
41	exit 1	53	exit 1
@@ -68,18 +80,18 @@ if [ $? != 0 ]; then
68	fi	80	fi
69		81
70	echo	82	echo
71	echo "make another certificate request using 'req'"	83	echo "make a user certificate request using 'req'"
72	$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss	84	$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
73	if [ $? != 0 ]; then	85	if [ $? != 0 ]; then
74	echo "error using 'req' to generate a certificate request"	86	echo "error using 'req' to generate a user certificate request"
75	exit 1	87	exit 1
76	fi	88	fi
77		89
78	echo	90	echo
79	echo "sign certificate request with the just created CA via 'x509'"	91	echo "sign user certificate request with the just created CA via 'x509'"
80	$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey >err.ss	92	$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
81	if [ $? != 0 ]; then	93	if [ $? != 0 ]; then
82	echo "error using 'x509' to sign a certificate request"	94	echo "error using 'x509' to sign a user certificate request"
83	exit 1	95	exit 1
84	fi	96	fi
85		97
@@ -89,11 +101,63 @@ echo "Certificate details"
89	$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert	101	$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
90		102
91	echo	103	echo
		104	echo "make a proxy certificate request using 'req'"
		105	$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
		106	if [ $? != 0 ]; then
		107	echo "error using 'req' to generate a proxy certificate request"
		108	exit 1
		109	fi
		110
		111	echo
		112	echo "sign proxy certificate request with the just created user certificate via 'x509'"
		113	$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
		114	if [ $? != 0 ]; then
		115	echo "error using 'x509' to sign a proxy certificate request"
		116	exit 1
		117	fi
		118
		119	cat $Ucert > $P1intermediate
		120	$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
		121	echo
		122	echo "Certificate details"
		123	$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
		124
		125	echo
		126	echo "make another proxy certificate request using 'req'"
		127	$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
		128	if [ $? != 0 ]; then
		129	echo "error using 'req' to generate another proxy certificate request"
		130	exit 1
		131	fi
		132
		133	echo
		134	echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
		135	$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
		136	if [ $? != 0 ]; then
		137	echo "error using 'x509' to sign a second proxy certificate request"
		138	exit 1
		139	fi
		140
		141	cat $Ucert $P1cert > $P2intermediate
		142	$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
		143	echo
		144	echo "Certificate details"
		145	$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
		146
		147	echo
92	echo The generated CA certificate is $CAcert	148	echo The generated CA certificate is $CAcert
93	echo The generated CA private key is $CAkey	149	echo The generated CA private key is $CAkey
94		150
95	echo The generated user certificate is $Ucert	151	echo The generated user certificate is $Ucert
96	echo The generated user private key is $Ukey	152	echo The generated user private key is $Ukey
97		153
		154	echo The first generated proxy certificate is $P1cert
		155	echo The first generated proxy private key is $P1key
		156
		157	echo The second generated proxy certificate is $P2cert
		158	echo The second generated proxy private key is $P2key
		159
98	/bin/rm err.ss	160	/bin/rm err.ss
		161	#/bin/rm $P1intermediate
		162	#/bin/rm $P2intermediate
99	exit 0	163	exit 0