diff options
author | Job Snijders <job@sobornost.net> | 2024-01-10 17:15:52 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-01-15 10:40:01 +0100 |
commit | 4e5bf933131863e0459d7b39931d464fef77b078 (patch) | |
tree | 1ca2f5c4702aa4d977c9aa5b0462e79e593473e7 /test/recipes/25-test_x509.t | |
parent | df04e81794ac3083804c34c173eb2b2fa55d373d (diff) | |
download | openssl-4e5bf933131863e0459d7b39931d464fef77b078.tar.gz |
Add apps/x509 -set_issuer & -set_subject option to override issuer & subject
This changeset adds the counterpart to the '-subj' option to allow overriding
the Issuer. For consistency, the `-subj` option is aliased to `-set_subject`.
The issuer can be specified as following apps/openssl x509 -new -set_issuer
'/CN=example-nro-ta' -subj '/CN=2a7dd1d787d793e4c8af56e197d4eed92af6ba13' ...
This is useful in constructing specific test-cases or rechaining PKI trees
Joint work with George Michaelson (@geeohgeegeeoh)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23257)
Diffstat (limited to 'test/recipes/25-test_x509.t')
-rw-r--r-- | test/recipes/25-test_x509.t | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index 9b11169a98..eeb8083506 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_x509"); -plan tests => 44; +plan tests => 46; # Prevent MSys2 filename munging for arguments that look like file paths but # aren't @@ -81,6 +81,15 @@ ok(run(app(["openssl", "pkey", "-in", $pkey, "-pubout", "-out", $pubkey])) # not unlinking $pubkey # not unlinking $selfout +# test -set_issuer option +my $ca_issu = srctop_file(@certs, "ca-cert.pem"); # issuer cert +my $caout_issu = "ca-issu.out"; +ok(run(app(["openssl", "x509", "-new", "-force_pubkey", $key, "-subj", "/CN=EE", + "-set_issuer", "/CN=TEST-CA", "-extfile", $extfile, "-CA", $ca_issu, + "-CAkey", $pkey, "-text", "-out", $caout_issu]))); +ok(get_issuer($caout_issu) =~ /CN=TEST-CA/); +# not unlinking $caout + # simple way of directly producing a CA-signed cert with private/pubkey input my $ca = srctop_file(@certs, "ca-cert.pem"); # issuer cert my $caout = "ca-issued.out"; |