Diffstat (limited to 'tests/cert-extensions')
| -rw-r--r-- | tests/cert-extensions | 39 |
1 files changed, 6 insertions, 33 deletions
diff --git a/tests/cert-extensions b/tests/cert-extensions
index a397ee5..9c5b977 100644
--- a/tests/cert-extensions
+++ b/tests/cert-extensions
@@ -4,13 +4,13 @@ x509_check() {
 local cert="$1" ext out
 out="$(mktemp --tmpdir)"
 ext="basicConstraints,subjectAltName,keyUsage,extendedKeyUsage,tlsfeature"
- openssl x509 -noout -subject -ext "$ext" -nameopt compat <"$cert" >"$out"
+ openssl x509 -in "$cert" -noout -subject -ext "$ext" -nameopt compat >"$out"
 diff --unified --color=auto -b --label="a/${cert#/}" --label="b/${cert#/}" -- - "$out"
 }
 # default settings (the ACME server adds a subjectAltName with the Common Name)
 openssl genpkey -algorithm RSA -out /etc/lacme/test1.key
-commonName="$(head -c10 /dev/urandom | base32 -w0 | tr "[A-Z]" "[a-z]").$DOMAINNAME"
+commonName="$(head -c10 /dev/urandom | base32 -w0 | tr "A-Z" "a-z").$DOMAINNAME"
 cat >"/etc/lacme/lacme-certs.conf.d/test1.conf" <<- EOF
 [test1]
 certificate-key = /etc/lacme/test1.key
@@ -25,7 +25,7 @@ x509_check /etc/lacme/test1.crt <<-EOF
 X509v3 Key Usage: critical
 Digital Signature, Key Encipherment
 X509v3 Extended Key Usage:
- TLS Web Server Authentication, TLS Web Client Authentication
+ TLS Web Server Authentication
 X509v3 Basic Constraints: critical
 CA:FALSE
 X509v3 Subject Alternative Name:
@@ -34,10 +34,10 @@ EOF
 # subjectAltName
 openssl genpkey -algorithm RSA -out /etc/lacme/test2.key
-commonName="$(head -c10 /dev/urandom | base32 -w0 | tr "[A-Z]" "[a-z]").$DOMAINNAME"
+commonName="$(head -c10 /dev/urandom | base32 -w0 | tr "A-Z" "a-z").$DOMAINNAME"
 subjectAltName=""
 for i in $(seq 1 8); do
- subjectAltName="${subjectAltName:+"$subjectAltName "}$(head -c10 /dev/urandom | base32 -w0 | tr "[A-Z]" "[a-z]").$DOMAINNAME"
+ subjectAltName="${subjectAltName:+"$subjectAltName "}$(head -c10 /dev/urandom | base32 -w0 | tr "A-Z" "a-z").$DOMAINNAME"
 done
 cat >"/etc/lacme/lacme-certs.conf.d/test2.conf" <<- EOF
 [test2]
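Review bot: The temporary file created by `mktemp --tmpdir` in x509_check is never removed: the rewritten `openssl x509 -in "$cert" … >"$out"` line still writes the extension dump to it, and the function ends right after the `diff`. Every call therefore leaves one file behind in the temporary directory. I would keep the comparison status and clean up, e.g. `local rc=0`, then `diff … -- - "$out" || rc=$?` followed by `rm -f -- "$out"; return "$rc"`. The function's opening line is visible only in the hunk header.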
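Review bot: The expected Extended Key Usage in the test1 heredoc is narrowed to `TLS Web Server Authentication` without a comment saying why, and the same edit is made to the test2 expectation in the last hunk. Because x509_check does an exact diff, the test now fails if the issued certificate still carries client authentication; that is presumably intended but it is not stated anywhere visible. A comment above the `x509_check /etc/lacme/test1.crt` call would record it, for example `# the test CA's profile issues serverAuth only; clientAuth must not appear` (wording to be confirmed by the author). The heredoc starts and ends outside this hunk.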
@@ -54,38 +54,11 @@ x509_check /etc/lacme/test2.crt <<-EOF
 X509v3 Key Usage: critical
 Digital Signature, Key Encipherment
 X509v3 Extended Key Usage:
- TLS Web Server Authentication, TLS Web Client Authentication
+ TLS Web Server Authentication
 X509v3 Basic Constraints: critical
 CA:FALSE
 X509v3 Subject Alternative Name:
 DNS:$(echo "$commonName" "$subjectAltName" | tr " " "\\n" | sort -u | paste -sd" " | sed -r "s/ /, DNS:/g")
 EOF
-# tlsfeature
-openssl genpkey -algorithm RSA -out /etc/lacme/test3.key
-commonName="$(head -c10 /dev/urandom | base32 -w0 | tr "[A-Z]" "[a-z]").$DOMAINNAME"
-cat >"/etc/lacme/lacme-certs.conf.d/test3.conf" <<- EOF
- [test3]
- certificate-key = /etc/lacme/test3.key
- certificate-chain = /etc/lacme/test3.crt
- subject = /CN=$commonName
- tlsfeature = status_request
-EOF
-
-lacme newOrder test3
-test /etc/lacme/test3.crt -nt /etc/lacme/test3.key
-x509_check /etc/lacme/test3.crt <<-EOF
- subject=/CN=$commonName
- X509v3 Key Usage: critical
- Digital Signature, Key Encipherment
- X509v3 Extended Key Usage:
- TLS Web Server Authentication, TLS Web Client Authentication
- X509v3 Basic Constraints: critical
- CA:FALSE
- X509v3 Subject Alternative Name:
- DNS:$commonName
- TLS Feature:
- status_request
-EOF
-
 # vim: set filetype=sh : |
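Review bot: With the test3 block gone, nothing in this file exercises the `tlsfeature` setting any more, yet `tlsfeature` is still in the `ext` list that x509_check passes to `openssl x509 -ext` (first hunk). If that is deliberate, so that a certificate unexpectedly carrying a TLS Feature extension makes the exact comparison fail, the `ext=` line should say so, for example `# tlsfeature stays listed so an unexpected TLS Feature (must-staple) extension fails the diff`. Whether lacme still accepts `tlsfeature = status_request` is not visible here; if it does, a one-line comment where `# tlsfeature` used to be, stating why the case is no longer tested, would keep the gap from looking accidental.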
