From 7d4941715b5afc2ef8ea18716990d28965737c70 Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Thu, 4 Jul 2013 15:48:38 +0200
Subject: trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec

* Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec.
* Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet.
* Most notably, the association between certificates and stapled extensions is by public key.
* Rework some of the tests to take into account the above.
---
build/certs/Makefile.am | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
(limited to 'build/certs')
diff --git a/build/certs/Makefile.am b/build/certs/Makefile.am
index 4231591..031cba0 100644
--- a/build/certs/Makefile.am
+++ b/build/certs/Makefile.am
@@ -4,27 +4,28 @@
 # distributed in the tarballs
 TRUST = $(top_srcdir)/trust/tests
-TOOLS = $(top_srcdir)/tools/tests
 prepare-certs:
 cp -v cacert3.der $(TRUST)/input/anchors
 cp -v cacert3.der $(TRUST)/files
- cp -v cacert3.der $(TOOLS)/files
+ cp -v cacert3.der $(TRUST)/files
+ openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem
 openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem
- openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3.pem
- cat $(TOOLS)/files/cacert3.pem $(TOOLS)/files/cacert3.pem > $(TOOLS)/files/cacert3-twice.pem
+ cat $(TRUST)/files/cacert3.pem $(TRUST)/files/cacert3.pem > $(TRUST)/files/cacert3-twice.pem
 openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-trusted.pem \
 -addtrust serverAuth -addreject emailProtection \
 -setalias "Custom Label"
- cp $(TRUST)/files/cacert3-trusted.pem $(TOOLS)/files/cacert3-trusted-server-alias.pem
- openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3-trusted-alias.pem \
+ cp $(TRUST)/files/cacert3-trusted.pem $(TRUST)/files/cacert3-trusted-server-alias.pem
+ openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-trusted-alias.pem \
 -setalias "Custom Label"
- openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3-distrust-all.pem \
+ openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-distrust-all.pem \
 -addreject serverAuth -addreject clientAuth -addreject codeSigning \
 -addreject emailProtection -addreject ipsecEndSystem -addreject ipsecTunnel \
 -addreject ipsecUser -addreject timeStamping
- cat $(TOOLS)/files/cacert3-trusted-server-alias.pem \
- $(TOOLS)/files/cacert3-trusted-alias.pem > $(TOOLS)/files/cacert3-trusted-multiple.pem
+ openssl x509 -in verisign-v1.der -inform DER -out $(TRUST)/files/verisign-v1.pem \
+ -setalias "Custom Label"
+ cat $(TRUST)/files/cacert3-trusted-server-alias.pem \
+ $(TRUST)/files/verisign-v1.pem > $(TRUST)/files/multiple.pem
 cp -v cacert-ca.der $(TRUST)/input
 cp -v cacert-ca.der $(TRUST)/files
 openssl x509 -in redhat-newca.der -inform DER -out $(TRUST)/files/distrusted.pem \
--
cgit v1.1
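Review bot: Two of the added lines in `prepare-certs` repeat the context line next to them: `cp -v cacert3.der $(TRUST)/files` now runs twice in a row, and so does `openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem`. This looks like a leftover from replacing `$(TOOLS)` with `$(TRUST)` line by line; the repeats are harmless, and the two `+` lines can simply be dropped. Separately, the new `openssl x509 -in verisign-v1.der ...` step reads an input that the diffstat shown here (limited to build/certs, one file changed) does not add. It is worth confirming that `verisign-v1.der` is already checked in next to `cacert3.der`, because otherwise the recipe stops at that step and `multiple.pem` is never regenerated. The recipe continues past the end of the hunk.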