tests: check certificate generation from certificate request
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 14 Dec 2019 09:44:16 +0000 (10:44 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 23 Dec 2019 18:53:59 +0000 (19:53 +0100)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
tests/cert-tests/Makefile.am
tests/cert-tests/crq
tests/cert-tests/data/crq-cert-no-ca-explicit.pem [new file with mode: 0644]
tests/cert-tests/data/crq-cert-no-ca-honor.pem [new file with mode: 0644]
tests/cert-tests/data/crq-cert-no-ca.pem [new file with mode: 0644]
tests/cert-tests/templates/template-no-ca-explicit.tmpl [new file with mode: 0644]
tests/cert-tests/templates/template-no-ca-honor.tmpl [new file with mode: 0644]
tests/cert-tests/templates/template-no-ca.tmpl [new file with mode: 0644]

index 76765889c64b81423f0c5d7d00b3b3874c904f0d..c8abdbf74a92b6c6e2da88c76a2d50e666e9e56a 100644 (file)
@@ -94,12 +94,14 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
        data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt \
        data/rfc4490.p7b data/rfc4490.p7b.out data/gost01.p12 data/gost12.p12 data/gost12-2.p12 \
        data/ca-crl-invalid.crl data/ca-crl-invalid.pem data/ca-crl-valid.pem data/ca-crl-valid.crl \
-       data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b \
-       data/key-gost01.p8 data/key-gost01-2.p8 data/key-gost01-2-enc.p8 \
+       data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b templates/template-no-ca.tmpl \
+       data/key-gost01.p8 data/key-gost01-2.p8 data/key-gost01-2-enc.p8 data/crq-cert-no-ca.pem \
        data/key-gost12-256.p8 data/key-gost12-256-2.p8 data/key-gost12-256-2-enc.p8 \
        data/key-gost12-512.p8 data/grfc.crt data/gost-cert-ca.pem data/gost-cert-new.pem \
        data/cert-with-non-digits-time-ca.pem data/cert-with-non-digits-time.pem \
-       data/chain-512-leaf.pem data/chain-512-subca.pem data/chain-512-ca.pem
+       data/chain-512-leaf.pem data/chain-512-subca.pem data/chain-512-ca.pem \
+       templates/template-no-ca-honor.tmpl templates/template-no-ca-explicit.tmpl \
+       data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem
 
 dist_check_SCRIPTS = pathlen aki invalid-sig email \
        pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
index e29f17a17f48471d77dd747569b1dd43c5667bf7..89099cfc0a52ae917d43191e8c5256ca29c6d441 100755 (executable)
@@ -147,6 +147,97 @@ if test "${rc}" != "0"; then
        exit ${rc}
 fi
 
+# check whether the generation with extension works
+datefudge -s "2007-04-22" \
+       "${CERTTOOL}" --generate-request \
+               --load-privkey "${srcdir}/data/template-test.key" \
+               --template "${srcdir}/templates/arb-extensions.tmpl" \
+               --outfile $OUTFILE 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "add_extension crq failed"
+       exit ${rc}
+fi
+
+${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/arb-extensions.csr" "${OUTFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "Certificate request generation with explicit extensions failed"
+       exit ${rc}
+fi
+
+# Generate certificate from CRQ with no explicit extensions
+datefudge -s "2007-04-22" \
+       "${CERTTOOL}" --generate-certificate \
+               --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+               --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+               --load-request "${srcdir}/data/arb-extensions.csr" \
+               --template "${srcdir}/templates/template-no-ca.tmpl" \
+               --outfile "${OUTFILE}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "generate certificate with crq failed"
+       exit ${rc}
+fi
+
+${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/crq-cert-no-ca.pem" "${OUTFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "Certificate from request generation failed"
+       exit ${rc}
+fi
+
+# Generate certificate from CRQ with CRQ extensions
+datefudge -s "2007-04-22" \
+       "${CERTTOOL}" --generate-certificate \
+               --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+               --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+               --load-request "${srcdir}/data/arb-extensions.csr" \
+               --template "${srcdir}/templates/template-no-ca-honor.tmpl" \
+               --outfile "${OUTFILE}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "generate certificate with crq failed"
+       exit ${rc}
+fi
+
+${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/crq-cert-no-ca-honor.pem" "${OUTFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "Certificate from request generation with honor flag failed"
+       exit ${rc}
+fi
+
+# Generate certificate from CRQ with explicit extensions
+datefudge -s "2007-04-22" \
+       "${CERTTOOL}" --generate-certificate \
+               --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+               --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+               --load-request "${srcdir}/data/arb-extensions.csr" \
+               --template "${srcdir}/templates/template-no-ca-explicit.tmpl" \
+               --outfile "${OUTFILE}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "generate certificate with crq failed"
+       exit ${rc}
+fi
+
+${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/crq-cert-no-ca-explicit.pem" "${OUTFILE}" >/dev/null 2>&1
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "Certificate from request generation with explicit extensions failed"
+       exit ${rc}
+fi
+
+
 rm -f "${OUTFILE}" "${OUTFILE2}" "${TMPFILE}"
 
 exit 0
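Review bot: `--outfile $OUTFILE` in the first added certtool invocation is the only unquoted expansion in the hunk; the three later `--generate-certificate` calls quote it, so make it `--outfile "${OUTFILE}"` for consistency (and ShellCheck SC2086). The three certificate-generation steps also all fail with the identical message `generate certificate with crq failed`, so a failure in the log cannot be attributed to the no-extension, honor or explicit case; distinguish them, e.g. `echo "generate certificate with crq (honor_crq_extensions) failed"`. Since the first of those cases appears to exist to show that the requester-supplied extensions in arb-extensions.csr are not copied into the certificate unless the template asks for them, its comment would be clearer as `# Generate certificate from CRQ; without honor_crq_extensions the request's extensions must not be copied`. The fixture comparisons rely on the CA signature being byte-for-byte reproducible under datefudge, which holds for a deterministic signature scheme but not for a randomized one, so this is worth keeping in mind if doc/credentials/x509/ca-key.pem is ever replaced.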
diff --git a/tests/cert-tests/data/crq-cert-no-ca-explicit.pem b/tests/cert-tests/data/crq-cert-no-ca-explicit.pem
new file mode 100644 (file)
index 0000000..b912e94
--- /dev/null
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/crq-cert-no-ca-honor.pem b/tests/cert-tests/data/crq-cert-no-ca-honor.pem
new file mode 100644 (file)
index 0000000..3b430d2
--- /dev/null
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/crq-cert-no-ca.pem b/tests/cert-tests/data/crq-cert-no-ca.pem
new file mode 100644 (file)
index 0000000..7cd684b
--- /dev/null
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCzCCAcOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0wNzA0MjIwMDAwMDBaFw0wODA0MjEwMDAwMDBaMHsxFTAT
+BgNVBAMTDENpbmR5IExhdXBlcjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xEjAQ
+BgNVBAoTCUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtpMQswCQYDVQQGEwJHUjEX
+MBUGCgmSJomT8ixkAQETB2NsYXVwZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAKXGznVDhL9kngInE/EDWfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4c
+Sjj3My16n3LUa20msDE3cBD7QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwa
+eh1pr0cCYHofuejP28g0MFGWPYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjUDBOMAwG
+A1UdEwEB/wQCMAAwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMB8GA1Ud
+IwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQCP
+Go/myevL2Ia/w3bOy+k/NdJ8OB5o6T42WHCcqvBOrcrQJEjhfZP8fl79KNGqNbxs
+Fr6hwP1inY1yxdUtn0OCiKEB1Gp68QMb10eS7QarcMTiznUty8o+NHU9nV6I0kbO
+4sBi6uMR5Hv0WQ6fQigjo11RQB7cN7mGqpMBzkCG47WLgk19uJhmFBaWNjtFDbY5
+e4mxQpAonicUoKlubJ1JY5gyZEjVriuWjnuxqhGyul7SnrzeSBQPR81gz1n1YjXJ
+8aQ8FqyTG9tQkU0EkJwE1FxuFoqB0MHfTSn8THtZRLeSO5ymAQgmHU81IieTXFn9
+l37AavQFVpcyp1MHXIWn+CYjzQ38oo90SABRGMoiQSz0iRT+auCjnYZ3dNyax9HR
+9zf+KHBvs5sSsslNWQb/
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/templates/template-no-ca-explicit.tmpl b/tests/cert-tests/templates/template-no-ca-explicit.tmpl
new file mode 100644 (file)
index 0000000..041b4d2
--- /dev/null
@@ -0,0 +1,13 @@
+cn = "No CA"
+serial = 02
+
+email_protection_key
+
+add_extension = "1.2.3.4 0001020304050607AAABCD"
+add_extension = "5.6.7.8 0x0001020304050607AAABCD"
+add_extension = "1.2.3.4.5.6.7 1d34cd5ad065dc27c17e9447b0aaaca7"
+add_extension = "1.2.3.4294967295.7 178f0e413f041cc9d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7"
+add_critical_extension = "9.10.11.12.13.14.15.16.17.1.5 CAFE"
+add_extension = "1.2.6710656.7 d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7"
+add_extension = "7.0.1.5 octet_string(CAFEBEAF)"
+add_critical_extension = "7.0.1.5.1 octet_string(BEAFCAFEFAFA)"
diff --git a/tests/cert-tests/templates/template-no-ca-honor.tmpl b/tests/cert-tests/templates/template-no-ca-honor.tmpl
new file mode 100644 (file)
index 0000000..05f21b8
--- /dev/null
@@ -0,0 +1,3 @@
+cn = "No CA"
+serial = 02
+honor_crq_extensions
diff --git a/tests/cert-tests/templates/template-no-ca.tmpl b/tests/cert-tests/templates/template-no-ca.tmpl
new file mode 100644 (file)
index 0000000..6528a50
--- /dev/null
@@ -0,0 +1,2 @@
+cn = "No CA"
+serial = 02