setup("test_req");
-plan tests => 91;
+plan tests => 92;
require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
+# If a CSR is provided with neither of -key or -CA/-CAkey, this should fail.
+ok(!run(app(["openssl", "req", "-x509",
+ "-in", srctop_file(@certs, "x509-check.csr"),
+ "-out", "testreq.pem"])));
+
subtest "generating alt certificate requests with RSA" => sub {
plan tests => 3;
my $ca_key = srctop_file(@certs, "ca-key.pem");
my $key = $is_ca ? $ca_key : srctop_file(@certs, "ee-key.pem");
my @cmd = ("openssl", "req", "-config", "", "-x509",
- "-key", $key, "-subj", "/CN=$cn", @_, "-out", $cert);
+ "-subj", "/CN=$cn", @_, "-out", $cert);
+ push(@cmd, ("-key", $key)) if $ss;
push(@cmd, ("-CA", $ca_cert, "-CAkey", $ca_key)) unless $ss;
ok(run(app([@cmd])), "generate $cert");
}
# AKID of not self-issued certs
$cert = "regular_v3_EE_default_KIDs.pem";
-generate_cert($cert, "-addext", "keyUsage = dataEncipherment");
+generate_cert($cert, "-addext", "keyUsage = dataEncipherment",
+ "-key", srctop_file(@certs, "ee-key.pem"));
cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
strict_verify($cert, 1, $ca_cert);
+
$cert = "regular_v3_EE_copied_exts_default_KIDs.pem";
generate_cert($cert, "-copy_extensions", "copy",
"-in", srctop_file(@certs, "ext-check.csr"));
strict_verify($cert, 1);
$cert = "v3_EE_no_AKID.pem";
-generate_cert($cert, "-addext", "authorityKeyIdentifier = none");
+generate_cert($cert, "-addext", "authorityKeyIdentifier = none",
+ "-key", srctop_file(@certs, "ee-key.pem"));
has_SKID($cert, 1);
has_AKID($cert, 0);
strict_verify($cert, 0, $ca_cert);