Add a revoked cert to the sample keys
authorSteffan Karger <steffan@karger.me>
Wed, 26 Oct 2016 19:29:19 +0000 (21:29 +0200)
committerDavid Sommerseth <davids@openvpn.net>
Fri, 28 Oct 2016 12:42:46 +0000 (14:42 +0200)
Allows for easier testing of the revocation functionality.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1477510159-5067-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12784.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
sample/sample-keys/gen-sample-keys.sh

index 725cfc970c1e41c07a87549a2269368d6a408615..301cff2808a53b081e3af8772d163a1d7feb59a4 100755 (executable)
@@ -52,6 +52,14 @@ openssl pkcs12 -export -nodes -password pass:password \
     -out sample-ca/client.p12 -inkey sample-ca/client.key \
     -in sample-ca/client.crt -certfile sample-ca/ca.crt
 
+# Create a client cert, revoke it, generate CRL
+openssl req -new -nodes -config openssl.cnf \
+    -keyout sample-ca/client-revoked.key -out sample-ca/client-revoked.csr \
+    -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=client-revoked/emailAddress=me@myhost.mydomain"
+openssl ca -batch -config openssl.cnf \
+    -out sample-ca/client-revoked.crt -in sample-ca/client-revoked.csr
+openssl ca -config openssl.cnf -revoke sample-ca/client-revoked.crt
+openssl ca -config openssl.cnf -gencrl -out sample-ca/ca.crl
 
 # Create EC server and client cert (signed by 'regular' RSA CA)
 openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1
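Review bot: The `-gencrl` call on the last added line sets no validity period, so the CRL's nextUpdate comes from `default_crl_days` in openssl.cnf, which this hunk does not show. Sample keys are generated once and reused for a long time, and a verifier that enforces CRL freshness will typically reject every client, not only client-revoked, once the CRL has expired, so revocation tests would then fail for the wrong reason. Consider pinning the lifetime on the command itself, e.g. `openssl ca -config openssl.cnf -gencrl -crldays <DAYS> -out sample-ca/ca.crl`, with `<DAYS>` chosen to match the lifetime of the sample certificates. If the script does not already run under `set -e` (not visible here), the `-revoke` step should also be checked, because a failed revoke followed by a successful `-gencrl` silently yields a CRL that does not list client-revoked.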
@@ -76,3 +84,4 @@ openssl dhparam -out dh2048.pem 2048
 cp sample-ca/*.key .
 cp sample-ca/*.crt .
 cp sample-ca/*.p12 .
+cp sample-ca/*.crl .