setup("test_req");
-plan tests => 42;
+plan tests => 43;
require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
# Check for duplicate -addext parameters, and one "working" case.
my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
+ "-key", srctop_file("test", "certs", "ee-key.pem"),
"-config", srctop_file("test", "test.cnf"), @req_new );
my $val = "subjectAltName=DNS:example.com";
my $val2 = " " . $val;
subtest "generating certificate requests with RSA" => sub {
- plan tests => 2;
+ plan tests => 7;
SKIP: {
skip "RSA is not supported by this OpenSSL build", 2
if disabled("rsa");
+ ok(!run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq-rsa.pem", "-utf8",
+ "-key", srctop_file("test", "testrsa.pem"),
+ "-keyform", "DER"])),
+ "Checking that mismatching keyform fails");
+
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq-rsa.pem", "-utf8",
- "-key", srctop_file("test", "testrsa.pem")])),
+ "-key", srctop_file("test", "testrsa.pem"),
+ "-keyform", "PEM"])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq-rsa.pem", "-noout"])),
"Verifying signature on request");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq_withattrs_pem.pem", "-utf8",
+ "-key", srctop_file("test", "testrsa_withattrs.pem")])),
+ "Generating request from a key with extra attributes - PEM");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-verify", "-in", "testreq_withattrs_pem.pem", "-noout"])),
+ "Verifying signature on request from a key with extra attributes - PEM");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq_withattrs_der.pem", "-utf8",
+ "-key", srctop_file("test", "testrsa_withattrs.der"),
+ "-keyform", "DER"])),
+ "Generating request from a key with extra attributes - PEM");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-verify", "-in", "testreq_withattrs_der.pem", "-noout"])),
+ "Verifying signature on request from a key with extra attributes - PEM");
+ }
+};
+
+subtest "generating certificate requests with RSA-PSS" => sub {
+ plan tests => 12;
+
+ SKIP: {
+ skip "RSA is not supported by this OpenSSL build", 2
+ if disabled("rsa");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq-rsapss.pem", "-utf8",
+ "-key", srctop_file("test", "testrsapss.pem")])),
+ "Generating request");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-verify", "-in", "testreq-rsapss.pem", "-noout"])),
+ "Verifying signature on request");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq-rsapss2.pem", "-utf8",
+ "-sigopt", "rsa_padding_mode:pss",
+ "-sigopt", "rsa_pss_saltlen:-1",
+ "-key", srctop_file("test", "testrsapss.pem")])),
+ "Generating request");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-verify", "-in", "testreq-rsapss2.pem", "-noout"])),
+ "Verifying signature on request");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq-rsapssmand.pem", "-utf8",
+ "-sigopt", "rsa_padding_mode:pss",
+ "-key", srctop_file("test", "testrsapssmandatory.pem")])),
+ "Generating request");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-verify", "-in", "testreq-rsapssmand.pem", "-noout"])),
+ "Verifying signature on request");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq-rsapssmand2.pem", "-utf8",
+ "-sigopt", "rsa_pss_saltlen:100",
+ "-key", srctop_file("test", "testrsapssmandatory.pem")])),
+ "Generating request");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-verify", "-in", "testreq-rsapssmand2.pem", "-noout"])),
+ "Verifying signature on request");
+
+ ok(!run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq-rsapss3.pem", "-utf8",
+ "-sigopt", "rsa_padding_mode:pkcs1",
+ "-key", srctop_file("test", "testrsapss.pem")])),
+ "Generating request with expected failure");
+
+ ok(!run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq-rsapss3.pem", "-utf8",
+ "-sigopt", "rsa_pss_saltlen:-4",
+ "-key", srctop_file("test", "testrsapss.pem")])),
+ "Generating request with expected failure");
+
+ ok(!run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq-rsapssmand3.pem", "-utf8",
+ "-sigopt", "rsa_pss_saltlen:10",
+ "-key", srctop_file("test", "testrsapssmandatory.pem")])),
+ "Generating request with expected failure");
+
+ ok(!run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq-rsapssmand3.pem", "-utf8",
+ "-sha256",
+ "-key", srctop_file("test", "testrsapssmandatory.pem")])),
+ "Generating request with expected failure");
}
};
plan tests => 2;
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+ "-key", srctop_file("test", "certs", "ee-key.pem"),
@req_new, "-out", "testreq.pem"])),
"Generating request");