summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libcrypto/CA/Makefile29
1 files changed, 17 insertions, 12 deletions
diff --git a/src/regress/lib/libcrypto/CA/Makefile b/src/regress/lib/libcrypto/CA/Makefile
index 3e445d2de0..3616b132bf 100644
--- a/src/regress/lib/libcrypto/CA/Makefile
+++ b/src/regress/lib/libcrypto/CA/Makefile
@@ -1,7 +1,10 @@
1# $OpenBSD: Makefile,v 1.2 2020/12/26 00:48:56 bluhm Exp $ 1# $OpenBSD: Makefile,v 1.3 2020/12/26 14:42:09 bluhm Exp $
2 2
3CLEANFILES += *.pem *.serial *.txt *.attr *.old 3CLEANFILES += *.pem *.serial *.txt *.attr *.old
4 4
5# Start each regress run from scratch with new keys and CA database.
6REGRESS_SETUP_ONCE += clean
7
5REGRESS_SETUP_ONCE += root.serial intermediate.serial 8REGRESS_SETUP_ONCE += root.serial intermediate.serial
6root.serial intermediate.serial: 9root.serial intermediate.serial:
7 echo 1000 >$@ 10 echo 1000 >$@
@@ -11,17 +14,18 @@ root.txt intermediate.txt:
11 true >$@ 14 true >$@
12 15
13# Vanna Vanna make me a root cert 16# Vanna Vanna make me a root cert
14root.key.pem: 17root.key.pem: stamp-clean
15 # generate root rsa 4096 key 18 # generate root rsa 4096 key
16 openssl genrsa -out root.key.pem 4096 19 openssl genrsa -out root.key.pem 4096
17 20
18root.cert.pem: root.cnf root.key.pem 21root.cert.pem: root.cnf root.key.pem \
19 # generate root req 22 stamp-root.serial stamp-root.txt
23 # generate root cert
20 openssl req -batch -config ${.CURDIR}/root.cnf -key root.key.pem \ 24 openssl req -batch -config ${.CURDIR}/root.cnf -key root.key.pem \
21 -new -x509 -days 365 -sha256 -extensions v3_ca -out root.cert.pem 25 -new -x509 -days 365 -sha256 -extensions v3_ca -out root.cert.pem
22 26
23# Make intermediate 27# Make intermediate
24intermediate.key.pem: 28intermediate.key.pem: stamp-clean
25 # generate intermediate rsa 2048 key 29 # generate intermediate rsa 2048 key
26 openssl genrsa -out intermediate.key.pem 2048 30 openssl genrsa -out intermediate.key.pem 2048
27 31
@@ -31,14 +35,15 @@ intermediate.csr.pem: intermediate.cnf intermediate.key.pem
31 -key intermediate.key.pem -out intermediate.csr.pem 35 -key intermediate.key.pem -out intermediate.csr.pem
32 36
33# Sign intermediate 37# Sign intermediate
34intermediate.cert.pem: root.cnf root.cert.pem intermediate.csr.pem 38intermediate.cert.pem: root.cnf root.cert.pem intermediate.csr.pem \
39 stamp-intermediate.serial stamp-intermediate.txt
35 # sign intermediate 40 # sign intermediate
36 openssl ca -batch -config ${.CURDIR}/root.cnf \ 41 openssl ca -batch -config ${.CURDIR}/root.cnf \
37 -extensions v3_intermediate_ca -days 10 -notext -md sha256 \ 42 -extensions v3_intermediate_ca -days 10 -notext -md sha256 \
38 -in intermediate.csr.pem -out intermediate.cert.pem 43 -in intermediate.csr.pem -out intermediate.cert.pem
39 44
40REGRESS_TARGETS += run-verify-intermediate 45REGRESS_TARGETS += run-verify-intermediate
41# Verify Intermediate 46# Verify intermediate
42run-verify-intermediate: root.cert.pem intermediate.cert.pem 47run-verify-intermediate: root.cert.pem intermediate.cert.pem
43 # validate intermediate CA 48 # validate intermediate CA
44 openssl verify -CAfile root.cert.pem intermediate.cert.pem 49 openssl verify -CAfile root.cert.pem intermediate.cert.pem
@@ -47,7 +52,7 @@ chain.pem: intermediate.cert.pem root.cert.pem
47 cat intermediate.cert.pem root.cert.pem > chain.pem 52 cat intermediate.cert.pem root.cert.pem > chain.pem
48 53
49# Make a server certificate 54# Make a server certificate
50server.key.pem: 55server.key.pem: stamp-clean
51 # genrsa server 56 # genrsa server
52 openssl genrsa -out server.key.pem 2048 57 openssl genrsa -out server.key.pem 2048
53 58
@@ -65,7 +70,7 @@ server.cert.pem: intermediate.cnf intermediate.cert.pem server.csr.pem
65 -in server.csr.pem -out server.cert.pem 70 -in server.csr.pem -out server.cert.pem
66 71
67# Make a client certificate 72# Make a client certificate
68client.key.pem: 73client.key.pem: stamp-clean
69 # genrsa client 74 # genrsa client
70 openssl genrsa -out client.key.pem 2048 75 openssl genrsa -out client.key.pem 2048
71 76
@@ -76,20 +81,20 @@ client.csr.pem: intermediate.cnf intermediate.cert.pem client.key.pem
76 -key client.key.pem -out client.csr.pem 81 -key client.key.pem -out client.csr.pem
77 82
78# Sign client key 83# Sign client key
79client.cert.pem: intermediate.cnf intermediate.txt client.csr.pem 84client.cert.pem: intermediate.cnf intermediate.cert.pem client.csr.pem
80 # client sign 85 # client sign
81 openssl ca -batch -config ${.CURDIR}/intermediate.cnf \ 86 openssl ca -batch -config ${.CURDIR}/intermediate.cnf \
82 -extensions usr_cert -days 5 -notext -md sha256 \ 87 -extensions usr_cert -days 5 -notext -md sha256 \
83 -in client.csr.pem -out client.cert.pem 88 -in client.csr.pem -out client.cert.pem
84 89
85REGRESS_TARGETS += run-verify-server 90REGRESS_TARGETS += run-verify-server
86# Verify Intermediate 91# Verify server with intermediate
87run-verify-server: chain.pem server.cert.pem 92run-verify-server: chain.pem server.cert.pem
88 # validate server cert 93 # validate server cert
89 openssl verify -purpose sslserver -CAfile chain.pem server.cert.pem 94 openssl verify -purpose sslserver -CAfile chain.pem server.cert.pem
90 95
91REGRESS_TARGETS += run-verify-client 96REGRESS_TARGETS += run-verify-client
92# Verify Intermediate 97# Verify client with intermediate
93run-verify-client: chain.pem client.cert.pem 98run-verify-client: chain.pem client.cert.pem
94 # validate client cert 99 # validate client cert
95 openssl verify -purpose sslclient -CAfile chain.pem client.cert.pem 100 openssl verify -purpose sslclient -CAfile chain.pem client.cert.pem
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-03 01:00:06 +0000