diff options
author | Matt Caswell <matt@openssl.org> | 2019-08-08 11:08:14 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-08-09 13:19:16 +0100 |
commit | 39d9ea5e502114a204750f641ca76ff5b4912401 (patch) | |
tree | 43876ed175981773e430ffad0d9c81ad2be15011 /test/certs/setup.sh | |
parent | 9bcc9f973b2a216461dd6f140e47ef647eb733b4 (diff) | |
download | openssl-39d9ea5e502114a204750f641ca76ff5b4912401.tar.gz |
Add Restricted PSS certificate and key
Create a PSS certificate with parameter restrictions
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)
Diffstat (limited to 'test/certs/setup.sh')
-rwxr-xr-x | test/certs/setup.sh | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 53d4a807a7..26b2f1ddfe 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -369,3 +369,9 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \ OPENSSL_KEYALG=ec OPENSSL_KEYBITS=brainpoolP256r1 ./mkcert.sh genee \ "Server ECDSA brainpoolP256r1 cert" server-ecdsa-brainpoolP256r1-key \ server-ecdsa-brainpoolP256r1-cert rootkey rootcert + +openssl req -new -nodes -subj "/CN=localhost" \ + -newkey rsa-pss -keyout server-pss-restrict-key.pem \ + -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 | \ + ./mkcert.sh geneenocsr "Server RSA-PSS restricted cert" \ + server-pss-restrict-cert rootkey rootcert |