summaryrefslogtreecommitdiff
path: root/build
diff options
context:
space:
mode:
authorStef Walter <stef@thewalter.net>2013-07-04 15:48:38 +0200
committerStef Walter <stef@thewalter.net>2013-07-04 15:48:38 +0200
commit7d4941715b5afc2ef8ea18716990d28965737c70 (patch)
tree65b860118fbcf084b855e3e8d78c818b6b8fe765 /build
parent2be55821c1ffab99b91c76c43c91dd95db1c21c7 (diff)
trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
* Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above.
Diffstat (limited to 'build')
-rw-r--r--build/certs/Makefile.am19
1 files changed, 10 insertions, 9 deletions
diff --git a/build/certs/Makefile.am b/build/certs/Makefile.am
index 4231591..031cba0 100644
--- a/build/certs/Makefile.am
+++ b/build/certs/Makefile.am
@@ -4,27 +4,28 @@
# distributed in the tarballs
TRUST = $(top_srcdir)/trust/tests
-TOOLS = $(top_srcdir)/tools/tests
prepare-certs:
cp -v cacert3.der $(TRUST)/input/anchors
cp -v cacert3.der $(TRUST)/files
- cp -v cacert3.der $(TOOLS)/files
+ cp -v cacert3.der $(TRUST)/files
+ openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem
openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem
- openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3.pem
- cat $(TOOLS)/files/cacert3.pem $(TOOLS)/files/cacert3.pem > $(TOOLS)/files/cacert3-twice.pem
+ cat $(TRUST)/files/cacert3.pem $(TRUST)/files/cacert3.pem > $(TRUST)/files/cacert3-twice.pem
openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-trusted.pem \
-addtrust serverAuth -addreject emailProtection \
-setalias "Custom Label"
- cp $(TRUST)/files/cacert3-trusted.pem $(TOOLS)/files/cacert3-trusted-server-alias.pem
- openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3-trusted-alias.pem \
+ cp $(TRUST)/files/cacert3-trusted.pem $(TRUST)/files/cacert3-trusted-server-alias.pem
+ openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-trusted-alias.pem \
-setalias "Custom Label"
- openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3-distrust-all.pem \
+ openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-distrust-all.pem \
-addreject serverAuth -addreject clientAuth -addreject codeSigning \
-addreject emailProtection -addreject ipsecEndSystem -addreject ipsecTunnel \
-addreject ipsecUser -addreject timeStamping
- cat $(TOOLS)/files/cacert3-trusted-server-alias.pem \
- $(TOOLS)/files/cacert3-trusted-alias.pem > $(TOOLS)/files/cacert3-trusted-multiple.pem
+ openssl x509 -in verisign-v1.der -inform DER -out $(TRUST)/files/verisign-v1.pem \
+ -setalias "Custom Label"
+ cat $(TRUST)/files/cacert3-trusted-server-alias.pem \
+ $(TRUST)/files/verisign-v1.pem > $(TRUST)/files/multiple.pem
cp -v cacert-ca.der $(TRUST)/input
cp -v cacert-ca.der $(TRUST)/files
openssl x509 -in redhat-newca.der -inform DER -out $(TRUST)/files/distrusted.pem \