From 7221a9f695016d3e4873bb799f06665ec74387f8 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 6 Sep 2017 12:56:37 -0400
Subject: [PATCH] Fix make-certs.sh for OpenSSL 1.1
The openssl req commands in make-certs.sh contain -subj options which
were ignored in favor of the config file prior to OpenSSL 1.1. When
they are used, they remove elements of the subject which are now
required by t_pkinit.py.
(cherry picked from commit b0473da67d72e43b9f03b703869069348e872efc)
[rharwood@redhat.com: remove newer sections in make-certs.sh]
---
src/tests/dejagnu/pkinit-certs/make-certs.sh | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/src/tests/dejagnu/pkinit-certs/make-certs.sh b/src/tests/dejagnu/pkinit-certs/make-certs.sh
index 0f07709b0..0d8c2019a 100755
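--- a/src/tests/dejagnu/pkinit-certs/make-certs.sh
+++ b/src/tests/dejagnu/pkinit-certs/make-certs.sh
@@ -122,15 +122,14 @@ SUBJECT=ca openssl req -config openssl.cnf -new -x509 -extensions exts_ca \
 -set_serial 1 -days $DAYS -key privkey.pem -out ca.pem
 
 # Generate a KDC certificate.
-SUBJECT=kdc openssl req -config openssl.cnf -new -subj /CN=kdc \
- -key privkey.pem -out kdc.csr
+SUBJECT=kdc openssl req -config openssl.cnf -new -key privkey.pem -out kdc.csr
 SUBJECT=kdc openssl x509 -extfile openssl.cnf -extensions exts_kdc \
 -set_serial 2 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
 -out kdc.pem -in kdc.csr
 
 # Generate a client certificate and PKCS#12 bundles.
-SUBJECT=user openssl req -config openssl.cnf -new -subj /CN=user \
- -key privkey.pem -out user.csr
+SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
+ -out user.csr
 SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_client \
 -set_serial 3 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
 -out user.pem -in user.csr
@@ -140,24 +139,24 @@ openssl pkcs12 -export -in user.pem -inkey privkey.pem -out user-enc.p12 \
 -passout pass:encrypted
 
 # Generate a client certificate and PKCS#12 bundles with a UPN SAN.
-SUBJECT=user openssl req -config openssl.cnf -new -subj /CN=user \
- -key privkey.pem -out user-upn.csr
+SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
+ -out user-upn.csr
 SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn_client \
 -set_serial 4 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
 -out user-upn.pem -in user-upn.csr
 openssl pkcs12 -export -in user-upn.pem -inkey privkey.pem -out user-upn.p12 \
 -passout pass:
 
-SUBJECT=user openssl req -config openssl.cnf -new -subj /CN=user \
- -key privkey.pem -out user-upn2.csr
+SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
+ -out user-upn2.csr
 SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn2_client \
 -set_serial 5 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
 -out user-upn2.pem -in user-upn2.csr
 openssl pkcs12 -export -in user-upn2.pem -inkey privkey.pem \
 -out user-upn2.p12 -passout pass:
 
-SUBJECT=user openssl req -config openssl.cnf -new -subj /CN=user \
- -key privkey.pem -out user-upn3.csr
+SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
+ -out user-upn3.csr
 SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn3_client \
 -set_serial 6 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
 -out user-upn3.pem -in user-upn3.csr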
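Review bot: Nothing in the five rewritten `openssl req` commands (kdc, user, user-upn, user-upn2, user-upn3, across both hunks) records why `-subj` is absent, so a later edit could put it back and silently change the issued subjects again. I would add one comment above the KDC request, e.g. `# Subject DN comes from openssl.cnf (presumably keyed on SUBJECT); do not add -subj, which overrides the config on OpenSSL 1.1+.` The failure described in the commit message is a certificate that generates without error but lacks subject elements t_pkinit.py requires. It may therefore be worth printing each result after signing, e.g. `openssl x509 -in kdc.pem -noout -subject`, so a wrong subject is visible when the fixtures are regenerated rather than only when the test fails. The script continues outside these hunks, so such a check may already exist there.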