diff options
author | Stef Walter <stef@thewalter.net> | 2013-07-04 15:48:38 +0200 |
---|---|---|
committer | Stef Walter <stef@thewalter.net> | 2013-07-04 15:48:38 +0200 |
commit | 7d4941715b5afc2ef8ea18716990d28965737c70 (patch) | |
tree | 65b860118fbcf084b855e3e8d78c818b6b8fe765 /build/certs | |
parent | 2be55821c1ffab99b91c76c43c91dd95db1c21c7 (diff) |
trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
* Use the concepts and PKCS#11 objects described in the
recently updated (still work in progress) storing trust spec.
* Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the
the CKA_PUBLIC_KEY_INFO isn't defined yet.
* Most notably, the association between certificates and stapled
extensions is by public key.
* Rework some of the tests to take into account the above.
Diffstat (limited to 'build/certs')
-rw-r--r-- | build/certs/Makefile.am | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/build/certs/Makefile.am b/build/certs/Makefile.am index 4231591..031cba0 100644 --- a/build/certs/Makefile.am +++ b/build/certs/Makefile.am @@ -4,27 +4,28 @@ # distributed in the tarballs TRUST = $(top_srcdir)/trust/tests -TOOLS = $(top_srcdir)/tools/tests prepare-certs: cp -v cacert3.der $(TRUST)/input/anchors cp -v cacert3.der $(TRUST)/files - cp -v cacert3.der $(TOOLS)/files + cp -v cacert3.der $(TRUST)/files + openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem - openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3.pem - cat $(TOOLS)/files/cacert3.pem $(TOOLS)/files/cacert3.pem > $(TOOLS)/files/cacert3-twice.pem + cat $(TRUST)/files/cacert3.pem $(TRUST)/files/cacert3.pem > $(TRUST)/files/cacert3-twice.pem openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-trusted.pem \ -addtrust serverAuth -addreject emailProtection \ -setalias "Custom Label" - cp $(TRUST)/files/cacert3-trusted.pem $(TOOLS)/files/cacert3-trusted-server-alias.pem - openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3-trusted-alias.pem \ + cp $(TRUST)/files/cacert3-trusted.pem $(TRUST)/files/cacert3-trusted-server-alias.pem + openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-trusted-alias.pem \ -setalias "Custom Label" - openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3-distrust-all.pem \ + openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-distrust-all.pem \ -addreject serverAuth -addreject clientAuth -addreject codeSigning \ -addreject emailProtection -addreject ipsecEndSystem -addreject ipsecTunnel \ -addreject ipsecUser -addreject timeStamping - cat $(TOOLS)/files/cacert3-trusted-server-alias.pem \ - $(TOOLS)/files/cacert3-trusted-alias.pem > $(TOOLS)/files/cacert3-trusted-multiple.pem + openssl x509 -in verisign-v1.der -inform DER -out $(TRUST)/files/verisign-v1.pem \ + -setalias "Custom Label" + cat $(TRUST)/files/cacert3-trusted-server-alias.pem \ + $(TRUST)/files/verisign-v1.pem > $(TRUST)/files/multiple.pem cp -v cacert-ca.der $(TRUST)/input cp -v cacert-ca.der $(TRUST)/files openssl x509 -in redhat-newca.der -inform DER -out $(TRUST)/files/distrusted.pem \ |