From 90d0b00313686a8e6a05e807c24d5c460718ba41 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 24 Feb 2022 23:44:46 +0100 Subject: tests/certs/generate: Redirect known error output to the standard output. That way we can avoid using autopkgtest's 'allow-stderr' restriction. --- tests/certs/generate | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'tests/certs') diff --git a/tests/certs/generate b/tests/certs/generate index de379a0..36fce8b 100755 --- a/tests/certs/generate +++ b/tests/certs/generate @@ -10,10 +10,15 @@ cd "$BASEDIR" cadir="$(mktemp --tmpdir --directory)" trap 'rm -rf -- "$cadir"' EXIT INT TERM +genpkey() { + local key="$1" + shift + openssl genpkey -out "$key" "$@" 2>&1 +} # generate CA (we intentionally throw away the private key and serial # file to avoid reuse) -openssl genpkey -algorithm RSA -out "$cadir/ca.key" +genpkey "$cadir/ca.key" -algorithm RSA openssl req -new -x509 -rand /dev/urandom -subj "/OU=$OU/CN=Fake Root CA" -key "$cadir/ca.key" -out ./ca.crt SERIAL=1 @@ -31,14 +36,14 @@ new() { printf "subjectAltName = %s\\n" "$3" >>"$cadir/new-ext.cnf" fi openssl x509 -req -in "$cadir/new.csr" -CA ./ca.crt -CAkey "$cadir/ca.key" \ - -CAserial "$cadir/ca.srl" -CAcreateserial -extfile "$cadir/new-ext.cnf" + -CAserial "$cadir/ca.srl" -CAcreateserial -extfile "$cadir/new-ext.cnf" 2>&1 } -openssl genpkey -algorithm RSA -out ./dovecot.rsa.key +genpkey ./dovecot.rsa.key -algorithm RSA new ./dovecot.rsa.key "localhost" "DNS:localhost,DNS:ip6-localhost,IP:127.0.0.1,IP:::1" >./dovecot.rsa.crt -openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -out ./dovecot.ecdsa.key +genpkey ./dovecot.ecdsa.key -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve new ./dovecot.ecdsa.key "localhost" >./dovecot.ecdsa.crt -openssl genpkey -algorithm RSA -out ./dovecot.rsa2.key +genpkey ./dovecot.rsa2.key -algorithm RSA new ./dovecot.rsa2.key "imap.example.net" "DNS:imap.example.net,DNS:localhost" >./dovecot.rsa2.crt -- cgit v1.2.3 From 58c2c80b585fe51dea56ca13776b51f44ad68463 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 24 Feb 2022 23:59:37 +0100 Subject: tests/certs/generate: Use custom openssl.cnf. To avoid depending on the system default. --- tests/certs/generate | 3 +++ tests/certs/openssl.cnf | 4 ++++ 2 files changed, 7 insertions(+) create mode 100644 tests/certs/openssl.cnf (limited to 'tests/certs') diff --git a/tests/certs/generate b/tests/certs/generate index 36fce8b..8e9c451 100755 --- a/tests/certs/generate +++ b/tests/certs/generate @@ -8,6 +8,9 @@ BASEDIR="$(dirname -- "$0")" OU="InterIMAP test suite" cd "$BASEDIR" +OPENSSL_CONF="./openssl.cnf" +export OPENSSL_CONF + cadir="$(mktemp --tmpdir --directory)" trap 'rm -rf -- "$cadir"' EXIT INT TERM genpkey() { diff --git a/tests/certs/openssl.cnf b/tests/certs/openssl.cnf new file mode 100644 index 0000000..b1af7b8 --- /dev/null +++ b/tests/certs/openssl.cnf @@ -0,0 +1,4 @@ +[ req ] +distinguished_name = req_distinguished_name + +[ req_distinguished_name ] -- cgit v1.2.3