From 86e60637394340ef2fa3b3db6b451dac1d73052b Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 14 Mar 2013 10:05:17 +0100 Subject: trust: Rework input path treatment * Accept a single --with-trust-paths argument to ./configure which contains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327 --- build/certs/Makefile.am | 13 +++++++------ build/certs/self-signed-with-ku.der | Bin 501 -> 478 bytes 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'build/certs') diff --git a/build/certs/Makefile.am b/build/certs/Makefile.am index 4428a2e..1d57935 100644 --- a/build/certs/Makefile.am +++ b/build/certs/Makefile.am @@ -7,7 +7,7 @@ TRUST = $(top_srcdir)/trust/tests TOOLS = $(top_srcdir)/tools/tests prepare-certs: - cp -v cacert3.der $(TRUST)/anchors + cp -v cacert3.der $(TRUST)/input/anchors cp -v cacert3.der $(TRUST)/files cp -v cacert3.der $(TOOLS)/files openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem
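Review bot: The new destination `$(TRUST)/input/anchors` in prepare-certs has no trailing slash and nothing in the visible recipe creates it, so when the directory is missing `cp` either fails or, if only `$(TRUST)/input` exists, writes a regular file named `anchors`. Per the commit message, the directory a certificate sits in now decides whether it is an anchor or blacklisted, so a misplaced fixture changes what the trust tests actually prove. I would start the recipe with `mkdir -p $(TRUST)/input/anchors $(TRUST)/input/blacklist`, or at least write the destinations as `$(TRUST)/input/anchors/` so a missing directory is a hard error. The same applies to the copies into `$(TRUST)/input`, `$(TRUST)/input/blacklist` and `$(TRUST)/input/anchors` in the second hunk. The recipe continues outside both hunks and the directories may already be tracked in the tree, which is not visible here.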
@@ -25,14 +25,15 @@ prepare-certs:
 -addreject ipsecUser -addreject timeStamping
 cat $(TOOLS)/files/cacert3-trusted-client-server-alias.pem \
 $(TOOLS)/files/cacert3-trusted-alias.pem > $(TOOLS)/files/cacert3-trusted-multiple.pem
- cp -v cacert-ca.der $(TRUST)/certificates
+ cp -v cacert-ca.der $(TRUST)/input
 cp -v cacert-ca.der $(TRUST)/files
 openssl x509 -in redhat-newca.der -inform DER -out $(TRUST)/files/distrusted.pem \
 -addreject clientAuth -setalias "Red Hat Is the CA"
- cp -v self-server.der $(TRUST)/files
- cp -v self-signed-with-eku.der $(TRUST)/certificates
- cp -v self-signed-with-ku.der $(TRUST)/certificates
- cp -v testing-ca.der $(TRUST)/anchors
+ cp -v $(TRUST)/files/distrusted.pem $(TRUST)/input
+ cp -v self-server.der $(TRUST)/input/blacklist
+ cp -v self-signed-with-eku.der $(TRUST)/files
+ cp -v self-signed-with-ku.der $(TRUST)/files
+ cp -v testing-ca.der $(TRUST)/input/anchors
 cp -v testing-server.der $(TRUST)/files

 # Rebuild the self-signed certificates. This is almost never necessary and
diff --git a/build/certs/self-signed-with-ku.der b/build/certs/self-signed-with-ku.der
index e6f36e3..51bb227 100644
Binary files a/build/certs/self-signed-with-ku.der and b/build/certs/self-signed-with-ku.der differ
-- 
cgit v1.1
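Review bot: The second Makefile.am hunk gives no hint why each fixture lands where it does, although after this commit the location is what assigns trust. A short comment above the copies would help, for example `# input/: trust taken only from the certificate itself; input/anchors/: anchors; input/blacklist/: blacklisted`. In particular `distrusted.pem` is copied into `$(TRUST)/input` right after being generated with `-addreject clientAuth`, which presumably exercises the "detailed trust information" case from the commit message; saying so would keep a later edit from moving it into `anchors` or `files`. prepare-certs starts before and continues after this hunk.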