#! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
}
} elsif ($^O eq "MSWin32") {
plan skip_all => "Win32::API unavailable";
-} else {
+} elsif ($^O ne "VMS") {
# Running MinGW tests transparently under Wine apparently requires
# UTF-8 locale...
}
$ENV{OPENSSL_WIN32_UTF8}=1;
-plan tests => 7;
+plan tests => 13;
# Test different PKCS#12 formats
ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
# Test with a non-default library context (and no loaded providers in the default context)
ok(run(test(["pkcs12_format_test", "-context"])), "test pkcs12 formats using a non-default library context");
-# just see that we can read shibboleth.pfx protected with $pass
-ok(run(app(["openssl", "pkcs12", "-noout",
- "-password", "pass:$pass",
- "-in", srctop_file("test", "shibboleth.pfx")])),
- "test_load_cert_pkcs12");
+SKIP: {
+ skip "VMS doesn't have command line UTF-8 support yet in DCL", 1
+ if $^O eq "VMS";
+
+ # just see that we can read shibboleth.pfx protected with $pass
+ ok(run(app(["openssl", "pkcs12", "-noout",
+ "-password", "pass:$pass",
+ "-in", srctop_file("test", "shibboleth.pfx")])),
+ "test_load_cert_pkcs12");
+}
my @path = qw(test certs);
my $outfile1 = "out1.p12";
my $outfile2 = "out2.p12";
my $outfile3 = "out3.p12";
+my $outfile4 = "out4.p12";
+my $outfile5 = "out5.p12";
# Test the -chain option with -untrusted
ok(run(app(["openssl", "pkcs12", "-export", "-chain",
}
SKIP: {
- skip "Skipping legacy PKCS#12 test because RC2 is disabled in this build", 1
- if disabled("rc2") || disabled("legacy");
+ skip "Skipping legacy PKCS#12 test because the required algorithms are disabled", 1
+ if disabled("des") || disabled("rc2") || disabled("legacy");
# Test reading legacy PKCS#12 file
ok(run(app(["openssl", "pkcs12", "-export",
"-in", srctop_file(@path, "v3-certs-RC2.p12"),
"test_pkcs12_passcerts_legacy");
}
+# Test export of PEM file with both cert and key
+# -nomac necessary to avoid legacy provider requirement
+ok(run(app(["openssl", "pkcs12", "-export",
+ "-inkey", srctop_file(@path, "cert-key-cert.pem"),
+ "-in", srctop_file(@path, "cert-key-cert.pem"),
+ "-passout", "pass:v3-certs",
+ "-nomac", "-out", $outfile4], stderr => "outerr.txt")),
+ "test_export_pkcs12_cert_key_cert");
+open DATA, "outerr.txt";
+my @match = grep /:error:/, <DATA>;
+close DATA;
+ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_outerr_empty");
+
+ok(run(app(["openssl", "pkcs12",
+ "-in", $outfile4,
+ "-passin", "pass:v3-certs",
+ "-nomacver", "-nodes"])),
+ "test_import_pkcs12_cert_key_cert");
+
+ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile5,
+ "-in", srctop_file(@path, "ee-cert.pem"), "-caname", "testname",
+ "-nokeys", "-passout", "pass:", "-certpbe", "NONE"])),
+ "test nokeys single cert");
+
+my @pkcs12info = run(app(["openssl", "pkcs12", "-info", "-in", $outfile5,
+ "-passin", "pass:"]), capture => 1);
+
+# Test that with one input certificate, we get one output certificate
+ok(grep(/subject=CN\s*=\s*server.example/, @pkcs12info) == 1,
+ "test one cert in output");
+# Test that the expected friendly name is present in the output
+ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output");
+
SetConsoleOutputCP($savedcp) if (defined($savedcp));