Add a DSA test key/cert pair to sample-keys

Makes it easier to test changes to DSA-related code.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20170618105740.10090-1-steffan@karger.me>
URL: https://www.mail-archive.com/search?l=mid&q=20170618105740.10090-1-steffan@karger.me
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/sample/sample-keys/gen-sample-keys.sh b/sample/sample-keys/gen-sample-keys.sh
index 301cff2808a53b081e3af8772d163a1d7feb59a4..920513a195ad212408328d692435123a79fb5ba5 100755 (executable)
--- a/sample/sample-keys/gen-sample-keys.sh
+++ b/sample/sample-keys/gen-sample-keys.sh
@@ -61,6 +61,22 @@ openssl ca -batch -config openssl.cnf \
 openssl ca -config openssl.cnf -revoke sample-ca/client-revoked.crt
 openssl ca -config openssl.cnf -gencrl -out sample-ca/ca.crl
 
+# Create DSA server and client cert (signed by 'regular' RSA CA)
+openssl dsaparam -out sample-ca/dsaparams.pem 2048
+
+openssl req -new -newkey dsa:sample-ca/dsaparams.pem -nodes -config openssl.cnf \
+    -extensions server \
+    -keyout sample-ca/server-dsa.key -out sample-ca/server-dsa.csr \
+    -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server-DSA/emailAddress=me@myhost.mydomain"
+openssl ca -batch -config openssl.cnf -extensions server \
+    -out sample-ca/server-dsa.crt -in sample-ca/server-dsa.csr
+
+openssl req -new -newkey dsa:sample-ca/dsaparams.pem -nodes -config openssl.cnf \
+    -keyout sample-ca/client-dsa.key -out sample-ca/client-dsa.csr \
+    -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client-DSA/emailAddress=me@myhost.mydomain"
+openssl ca -batch -config openssl.cnf \
+    -out sample-ca/client-dsa.crt -in sample-ca/client-dsa.csr
+
 # Create EC server and client cert (signed by 'regular' RSA CA)
 openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1