Commit cb0585c2 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Create DSA and ECDSA certificates. 



If supported create DSA and ECDSA certificates and test them.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent 0b58c6ad

test/Uss.cnf

+19 −14
Original line number Diff line number Diff line
@@ -4,6 +4,7 @@ 
#



RANDFILE		= ./.rnd

CN2 = Brother 2



####################################################################

[ req ]
@@ -12,25 +13,29 @@ default_keyfile = keySS.pem 
distinguished_name	= req_distinguished_name

encrypt_rsa_key		= no

default_md		    = sha256

prompt              = no



[ req_distinguished_name ]

countryName			= Country Name (2 letter code)

countryName_default		= AU

countryName_value		= AU



organizationName                = Organization Name (eg, company)

organizationName_value          = Dodgy Brothers



0.commonName			= Common Name (eg, YOUR name)

0.commonName_value		= Brother 1



1.commonName			= Common Name (eg, YOUR name)

1.commonName_value		= Brother 2

countryName         = AU

organizationName    = Dodgy Brothers

0.commonName        = Brother 1

1.commonName		= $ENV::CN2



[ v3_ee ]

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid,issuer:always

basicConstraints = CA:false

keyUsage = nonRepudiation, digitalSignature, keyEncipherment

issuerAltName=issuer:copy



[ v3_ee_dsa ]

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid:always

basicConstraints = CA:false

keyUsage = nonRepudiation, digitalSignature



[ v3_ee_ec ]

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid:always

basicConstraints = CA:false

keyUsage = nonRepudiation, digitalSignature, keyAgreement

test/testss

+42 −1
Original line number Diff line number Diff line
@@ -18,6 +18,14 @@ Ukey="keyU.ss" 
Ureq="reqU.ss"

Ucert="certU.ss"



Dkey="keyD.ss"

Dreq="reqD.ss"

Dcert="certD.ss"



Ekey="keyE.ss"

Ereq="reqE.ss"

Ecert="certE.ss"



P1conf="P1ss.cnf"

P1key="keyP1.ss"

P1req="reqP1.ss"
@@ -33,8 +41,10 @@ P2intermediate="tmp_intP2.ss" 


echo string to make the random number generator think it has entropy >> ./.rnd



req_dsa='-newkey dsa:../apps/dsa1024.pem'



if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then

  req_new='-newkey dsa:../apps/dsa512.pem'

  req_new=$req_dsa

else

  req_new='-new'

fi
@@ -67,6 +77,37 @@ $verifycmd -CAfile $CAcert $Ucert || exit 1 
echo Certificate details

$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert || exit 1



if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then

        echo skipping DSA certificate creation

else

        echo make a DSA user cert request

        CN2="DSA Certificate" $reqcmd -config $Uconf -out $Dreq -keyout $Dkey $req_dsa >err.ss || exit 1



        echo sign DSA user cert request

        $x509cmd -CAcreateserial -in $Dreq -days 30 -req -out $Dcert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_dsa >err.ss || exit 1

        $verifycmd -CAfile $CAcert $Dcert || exit 1



        echo DSA Certificate details

        $x509cmd -subject -issuer -startdate -enddate -noout -in $Dcert || exit 1



fi



if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then

        echo skipping ECDSA/ECDH certificate creation

else

        echo make an ECDSA/ECDH user cert request

        ../util/shlib_wrap.sh ../apps/openssl ecparam -name P-256 -out ecp.ss || exit 1

        CN2="ECDSA Certificate" $reqcmd -config $Uconf -out $Ereq -keyout $Ekey -newkey ec:ecp.ss >err.ss || exit 1



        echo sign ECDSA/ECDH user cert request

        $x509cmd -CAcreateserial -in $Ereq -days 30 -req -out $Ecert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_ec >err.ss || exit 1

        $verifycmd -CAfile $CAcert $Ecert || exit 1



        echo ECDSA Certificate details

        $x509cmd -subject -issuer -startdate -enddate -noout -in $Ecert || exit 1



fi



echo make a proxy cert request

$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss || exit 1