From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 27 Oct 2015 16:42:15 +0000 (+0100)
Subject: testing: Generate a CRL that has moon's actual certificate revoked
X-Git-Tag: 5.4.0rc1~10^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d163aa5eaf265ae7fc69fe0689ad82ea1149b410;p=thirdparty%2Fstrongswan.git

testing: Generate a CRL that has moon's actual certificate revoked
---

diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl
index 842c3a1b23..de3c13dcf4 100755
--- a/testing/hosts/winnetou/etc/openssl/generate-crl
+++ b/testing/hosts/winnetou/etc/openssl/generate-crl
@@ -24,6 +24,9 @@ openssl crl -in crl.pem -outform der -out strongswan.crl
 cp strongswan.crl     ${ROOT}
 cp strongswanCert.pem ${ROOT}
 cp index.html         ${ROOT}
+# revoke moon's current CERT
+pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --reason key-compromise --cert newcerts/2B.pem --lastcrl strongswan.crl > strongswan_moon_revoked.crl
+cp strongswan_moon_revoked.crl ${ROOT}
 cd /etc/openssl/research
 openssl ca -gencrl -crldays 15 -config /etc/openssl/research/openssl.cnf -out crl.pem
 openssl crl -in crl.pem -outform der -out research.crl