diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-08-26 20:40:48 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-03-14 17:26:49 +0100 |
| commit | 0e89b396197f75993c8d64c07b4af6aa2d97e2af (patch) | |
| tree | a79eb907eefb1c1cd5a84891564511e8e5f6879b /test/smime-certs | |
| parent | b7cc2d2f295efc342cd46e7e59f93e0ac0472dc0 (diff) | |
| download | openssl-0e89b396197f75993c8d64c07b4af6aa2d97e2af.tar.gz | |
apps/x509 etc.: allow private key input when public key is expected
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19076)
Diffstat (limited to 'test/smime-certs')
| -rw-r--r-- | test/smime-certs/mksmime-certs.sh | 42 |
1 files changed, 19 insertions, 23 deletions
diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh index 6396f6f704..160fcbfb4f 100644 --- a/test/smime-certs/mksmime-certs.sh +++ b/test/smime-certs/mksmime-certs.sh @@ -6,11 +6,17 @@ # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html -# Utility to recreate S/MIME certificates +# Utility to recreate S/MIME certificates in this directory. +# Invoke when changes are need from within this directory. OPENSSL=../../apps/openssl -OPENSSL_CONF=./ca.cnf -export OPENSSL_CONF +CONF=ca.cnf +export OPENSSL_CONF=./$CONF + +gen() { + $OPENSSL x509 -CA smroot.pem -new -days 36524 -force_pubkey $1 -subj "$2" \ + -extfile $CONF -extensions $3 +} # Root CA: create certificate directly CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \ @@ -18,35 +24,27 @@ CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \ # EE RSA certificates with respective extensions cp ../certs/ee-key.pem smrsa1.pem -$OPENSSL x509 -new -key smrsa1.pem -subj "/CN=Test SMIME EE RSA #1" -days 36524 \ - -CA smroot.pem -extfile ca.cnf -extensions usr_rsa_cert >>smrsa1.pem +gen smrsa1.pem "/CN=Test SMIME EE RSA #1" usr_rsa_cert >>smrsa1.pem cp ../certs/ee-key-3072.pem smrsa2.pem -$OPENSSL x509 -new -key smrsa2.pem -subj "/CN=Test SMIME EE RSA #2" -days 36524 \ - -CA smroot.pem -extfile ca.cnf -extensions usr_rsa_cert >>smrsa2.pem +gen smrsa2.pem "/CN=Test SMIME EE RSA #2" usr_rsa_cert >>smrsa2.pem cp ../certs/ee-key-4096.pem smrsa3.pem -$OPENSSL x509 -new -key smrsa3.pem -subj "/CN=Test SMIME EE RSA #3" -days 36524 \ - -CA smroot.pem -extfile ca.cnf -extensions usr_rsa_cert >>smrsa3.pem +gen smrsa3.pem "/CN=Test SMIME EE RSA #3" usr_rsa_cert >>smrsa3.pem # Create DSA certificates with respective extensions cp ../certs/server-dsa-key.pem smdsa1.pem -$OPENSSL x509 -new -key smdsa1.pem -subj "/CN=Test SMIME EE DSA #1" -days 36524 \ - -CA smroot.pem -extfile ca.cnf -extensions signer_cert >>smdsa1.pem +gen smdsa1.pem "/CN=Test SMIME EE DSA #1" signer_cert >>smdsa1.pem cp ../certs/server-dsa-key.pem smdsa2.pem -$OPENSSL x509 -new -key smdsa2.pem -subj "/CN=Test SMIME EE DSA #1" -days 36524 \ - -CA smroot.pem -extfile ca.cnf -extensions signer_cert >>smdsa2.pem +gen smdsa2.pem "/CN=Test SMIME EE DSA #1" signer_cert >>smdsa2.pem cp ../certs/server-dsa-key.pem smdsa3.pem -$OPENSSL x509 -new -key smdsa3.pem -subj "/CN=Test SMIME EE DSA #1" -days 36524 \ - -CA smroot.pem -extfile ca.cnf -extensions signer_cert >>smdsa3.pem +gen smdsa3.pem "/CN=Test SMIME EE DSA #1" signer_cert >>smdsa3.pem # Create EC certificates with respective extensions cp ../certs/ee-ecdsa-key.pem smec1.pem -$OPENSSL x509 -new -key smec1.pem -subj "/CN=Test SMIME EE EC #1" -days 36524 \ - -CA smroot.pem -extfile ca.cnf -extensions signer_cert >>smec1.pem +gen smec1.pem "/CN=Test SMIME EE EC #1" signer_cert >>smec1.pem cp ../certs/server-ecdsa-key.pem smec2.pem -$OPENSSL x509 -new -key smec2.pem -subj "/CN=Test SMIME EE EC #2" -days 36524 \ - -CA smroot.pem -extfile ca.cnf -extensions signer_cert >>smec2.pem +gen smec2.pem "/CN=Test SMIME EE EC #2" signer_cert >>smec2.pem # Do not renew this cert as it is used for legacy data decrypt test #$OPENSSL ecparam -out ecp.pem -name P-256 @@ -61,10 +59,8 @@ $OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem $OPENSSL genpkey -paramfile dhp.pem -out smdh.pem rm dhp.pem # Create X9.42 DH certificate with respective extensions -$OPENSSL x509 -new -key smdh.pem -subj "/CN=Test SMIME EE DH" -days 36524 \ - -CA smroot.pem -extfile ca.cnf -extensions dh_cert >>smdh.pem +gen smdh.pem "/CN=Test SMIME EE DH" dh_cert >>smdh.pem # EE RSA code signing end entity certificate with respective extensions cp ../certs/ee-key.pem csrsa1.pem -$OPENSSL x509 -new -key csrsa1.pem -subj "/CN=Test CodeSign EE RSA" -days 36524 \ - -CA smroot.pem -extfile ca.cnf -extensions codesign_cert >>csrsa1.pem +gen csrsa1.pem "/CN=Test CodeSign EE RSA" codesign_cert >>csrsa1.pem |