1 files changed, 115 insertions, 0 deletions
diff --git a/src/regress/lib/libcrypto/CA/doit.sh b/src/regress/lib/libcrypto/CA/doit.sh
new file mode 100755
index 0000000000..3b0375a026
--- /dev/null
+++ b/src/regress/lib/libcrypto/CA/doit.sh
@@ -0,0 +1,115 @@
+#!/bin/sh
+rm -rf root intermediate certs
+echo 1000 > rootserial
+cat /dev/null > root.txt
+echo 1000 > intserial
+cat /dev/null > int.txt
+# Vanna Vanna make me a root cert
+openssl genrsa -out root.key.pem 4096
+if [ $? -ne 0 ]; then
+   echo "*** Fail;  Can't generate root rsa 4096 key"
+   exit 1
+fi   
+openssl req -batch -config root.cnf -key root.key.pem -new -x509 -days 365 -sha256 -extensions v3_ca -out root.cert.pem
+if [ $? -ne 0 ]; then
+   echo "*** Fail;  Can't generate root req"
+   exit 1
+fi   
+# Make intermediate
+openssl genrsa -out intermediate.key.pem 2048
+if [ $? -ne 0 ]; then
+   echo "*** Fail;  Can't generate intermediate rsa 2048 key"
+   exit 1
+fi   
+openssl req -batch -config intermediate.cnf -new -sha256 \
+      -key intermediate.key.pem \
+      -out intermediate.csr.pem
+if [ $? -ne 0 ]; then
+   echo "*** Fail;  Can't generate intermediate req"
+   exit 1
+fi   
+# Sign intermediate
+openssl ca -batch -config root.cnf -extensions v3_intermediate_ca -days 10 -notext -md sha256 -in intermediate.csr.pem -out intermediate.cert.pem 
+if [ $? -ne 0 ]; then
+   echo "*** Fail;  Can't sign intermediate"
+   exit 1
+fi   
+# Verify Intermediate
+openssl verify -CAfile ca.cert.pem intermediate.cert.pem
+if [ $? -ne 0]; then
+   echo "*** Fail; Intermediate CA does not validate"
+   exit 1
+fi   
+cat intermediate.cert.pem root.cert.pem > chain.pem
+# make a server certificate
+openssl genrsa -out server.key.pem 2048
+if [ $? -ne 0]; then
+   echo "*** Fail; genrsa server"
+   exit 1
+fi   
+openssl req -batch -config intermediate.cnf \
+      -key server.key.pem \
+      -new -sha256 -out server.csr.pem \
+      -subj '/CN=server/O=OpenBSD/OU=So and Sos/C=CA'
+if [ $? -ne 0]; then
+   echo "*** Fail; server req"
+   exit 1
+fi   
+# sign server key
+openssl ca -batch -config intermediate.cnf -extensions server_cert -days 5 -notext -md sha256 -in server.csr.pem -out server.cert.pem
+if [ $? -ne 0 ]; then
+   echo "*** Fail; server sign"
+   exit 1
+fi   
+# make a client certificate
+openssl genrsa -out client.key.pem 2048
+if [ $? -ne 0]; then
+   echo "*** Fail; genrsa client"
+   exit 1
+fi   
+openssl req -batch -config intermediate.cnf \
+      -key client.key.pem \
+      -new -sha256 -out client.csr.pem \
+      -subj '/CN=client/O=OpenBSD/OU=So and Sos/C=CA'
+if [ $? -ne 0]; then
+   echo "*** Fail; client req"
+   exit 1
+fi   
+# sign client key
+openssl ca -batch -config intermediate.cnf -extensions usr_cert -days 5 -notext -md sha256 -in client.csr.pem -out client.cert.pem
+if [ $? -ne 0 ]; then
+   echo "*** Fail; client sign"
+   exit 1
+fi
+# Verify Intermediate
+openssl verify -purpose sslserver -CAfile chain.pem server.cert.pem
+if [ $? -ne 0 ]; then
+   echo "*** Fail; server cert does not validate"
+   exit 1
+fi   
+# Verify Intermediate
+openssl verify -purpose sslclient -CAfile chain.pem client.cert.pem
+if [ $? -ne 0 ]; then
+   echo "*** Fail; client cert does not validate"
+   exit 1
+fi

diff --git a/src/regress/lib/libcrypto/CA/doit.sh b/src/regress/lib/libcrypto/CA/doit.sh new file mode 100755 index 0000000000..3b0375a026 --- /dev/null +++ b/src/regress/lib/libcrypto/CA/doit.sh
@@ -0,0 +1,115 @@
	1	#!/bin/sh
	2
	3	rm -rf root intermediate certs
	4	echo 1000 > rootserial
	5	cat /dev/null > root.txt
	6	echo 1000 > intserial
	7	cat /dev/null > int.txt
	8
	9	# Vanna Vanna make me a root cert
	10	openssl genrsa -out root.key.pem 4096
	11	if [ $? -ne 0 ]; then
	12	echo "*** Fail; Can't generate root rsa 4096 key"
	13	exit 1
	14	fi
	15
	16	openssl req -batch -config root.cnf -key root.key.pem -new -x509 -days 365 -sha256 -extensions v3_ca -out root.cert.pem
	17	if [ $? -ne 0 ]; then
	18	echo "*** Fail; Can't generate root req"
	19	exit 1
	20	fi
	21
	22	# Make intermediate
	23	openssl genrsa -out intermediate.key.pem 2048
	24	if [ $? -ne 0 ]; then
	25	echo "*** Fail; Can't generate intermediate rsa 2048 key"
	26	exit 1
	27	fi
	28
	29	openssl req -batch -config intermediate.cnf -new -sha256 \
	30	-key intermediate.key.pem \
	31	-out intermediate.csr.pem
	32	if [ $? -ne 0 ]; then
	33	echo "*** Fail; Can't generate intermediate req"
	34	exit 1
	35	fi
	36
	37	# Sign intermediate
	38	openssl ca -batch -config root.cnf -extensions v3_intermediate_ca -days 10 -notext -md sha256 -in intermediate.csr.pem -out intermediate.cert.pem
	39	if [ $? -ne 0 ]; then
	40	echo "*** Fail; Can't sign intermediate"
	41	exit 1
	42	fi
	43
	44	# Verify Intermediate
	45	openssl verify -CAfile ca.cert.pem intermediate.cert.pem
	46	if [ $? -ne 0]; then
	47	echo "*** Fail; Intermediate CA does not validate"
	48	exit 1
	49	fi
	50
	51	cat intermediate.cert.pem root.cert.pem > chain.pem
	52
	53	# make a server certificate
	54
	55	openssl genrsa -out server.key.pem 2048
	56	if [ $? -ne 0]; then
	57	echo "*** Fail; genrsa server"
	58	exit 1
	59	fi
	60
	61
	62	openssl req -batch -config intermediate.cnf \
	63	-key server.key.pem \
	64	-new -sha256 -out server.csr.pem \
	65	-subj '/CN=server/O=OpenBSD/OU=So and Sos/C=CA'
	66	if [ $? -ne 0]; then
	67	echo "*** Fail; server req"
	68	exit 1
	69	fi
	70
	71	# sign server key
	72	openssl ca -batch -config intermediate.cnf -extensions server_cert -days 5 -notext -md sha256 -in server.csr.pem -out server.cert.pem
	73	if [ $? -ne 0 ]; then
	74	echo "*** Fail; server sign"
	75	exit 1
	76	fi
	77
	78	# make a client certificate
	79
	80	openssl genrsa -out client.key.pem 2048
	81	if [ $? -ne 0]; then
	82	echo "*** Fail; genrsa client"
	83	exit 1
	84	fi
	85
	86	openssl req -batch -config intermediate.cnf \
	87	-key client.key.pem \
	88	-new -sha256 -out client.csr.pem \
	89	-subj '/CN=client/O=OpenBSD/OU=So and Sos/C=CA'
	90	if [ $? -ne 0]; then
	91	echo "*** Fail; client req"
	92	exit 1
	93	fi
	94
	95	# sign client key
	96	openssl ca -batch -config intermediate.cnf -extensions usr_cert -days 5 -notext -md sha256 -in client.csr.pem -out client.cert.pem
	97	if [ $? -ne 0 ]; then
	98	echo "*** Fail; client sign"
	99	exit 1
	100	fi
	101
	102	# Verify Intermediate
	103	openssl verify -purpose sslserver -CAfile chain.pem server.cert.pem
	104	if [ $? -ne 0 ]; then
	105	echo "*** Fail; server cert does not validate"
	106	exit 1
	107	fi
	108
	109	# Verify Intermediate
	110	openssl verify -purpose sslclient -CAfile chain.pem client.cert.pem
	111	if [ $? -ne 0 ]; then
	112	echo "*** Fail; client cert does not validate"
	113	exit 1
	114	fi
	115