certtool: always include the CRL distribution points on CAs

Previously we would omit the CRL distribution points from a non-self
signed CA certificate, even if contained in the template.

Resolves: #765

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

3 files changed, 44 insertions, 1 deletions

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 8944670dc4..5a22e4534e 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -78,7 +78,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
 	data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem data/chain-eddsa.pem \
 	data/pkcs7-chain-endcert-key.pem data/cert-rsa-pss.pem data/openssl-invalid-time-format.pem \
 	data/cert-eddsa.pem data/pubkey-eddsa.pem data/pkcs7-eddsa-sig.p7s \
-	data/key-ca.pem data/key-user.pem \
+	data/key-ca.pem data/key-user.pem data/template-sgenerate.pem \
 	data/ca-gnutls-keyid.pem data/ca-no-keyid.pem data/ca-weird-keyid.pem \
 	data/key-ca-1234.p8 data/key-ca-empty.p8 data/key-ca-null.p8 \
 	data/openssl-key-ecc.p8 data/key-ecc.p8 data/key-ecc.pem suppressions.valgrind \
diff --git a/tests/cert-tests/data/template-sgenerate.pem b/tests/cert-tests/data/template-sgenerate.pem
new file mode 100644
index 0000000000..b16915c8fa
--- /dev/null
+++ b/tests/cert-tests/data/template-sgenerate.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtDCCAmygAwIBAgIBBzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0wNzA0MjIwMDAwMDBaFw0xNDA1MjUwMDAwMDBaMFsxDDAK
+BgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQswCQYDVQQGEwJHUjEaMBgGA1UE
+BBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkTCEFya2FkaWFzMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15
+uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRo
+gx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/
+qQDjBQIDAQABo4IBFzCCARMwDwYDVR0TAQH/BAUwAwEB/zBqBgNVHREEYzBhggx3
+d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5vcmeCF3d3dy5ldmVubW9yZXRo
+YW5vbmUub3JnhwTAqAEBgQ1ub25lQG5vbmUub3JngQ53aGVyZUBub25lLm9yZzAT
+BgNVHSUEDDAKBggrBgEFBQcDCTAPBgNVHQ8BAf8EBQMDB4QAMB0GA1UdDgQWBBRd
+QK3wzpRAlYt+mZQdklQiynI2XzAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T
+AQPvzzAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0
+Y3JsLzANBgkqhkiG9w0BAQsFAAOCATEAddMzLqCJ+KkNgn/mcz19mEh4ZSiJzS14
+d4SLlcImMFJSPRQ6hwjKXB4N5vljr5pr69e9bg9kzuw622xjT+8YNKJH9c4VEcyK
+HEemVemeMJAU10d7XVnQAExt9w+siPJlXMpjG2ij/DNmoi8PWUq1qhIskJohYg9C
+NVXdViL29z5wMmh91mQI7xt6vw8S4WrmSZrkrkAXK07h5yeqjIQYht2iQjLZF2rO
+3d0h3u7RdyV1uG93C3FW0Dthqqon6UdEjuPeYCK/7cWe3BhBGIJ/SRDVYXp3VtlS
+Ms66n3bpSxrI1el+2lHfDTJwGgIvLhXz3bmznkqbg482rJkFTuS/DmwiTcErF+rF
+E3zPAchY2B+ieRe5944OsQcfhaZDVyUcrC5FtFp0Q/LFmPgy55dR1g==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/template-test b/tests/cert-tests/template-test
index 43e28fe15d..f7ebefb664 100755
--- a/tests/cert-tests/template-test
+++ b/tests/cert-tests/template-test
@@ -93,6 +93,27 @@ fi
 
 rm -f ${TMPFILE}
 
+echo "Running test for certificate generation with --generate-self-signed"
+
+datefudge -s "2007-04-22" \
+	"${CERTTOOL}" --generate-certificate \
+		--load-privkey "${srcdir}/data/template-test.key" \
+		--load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+		--load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+		--template "${srcdir}/templates/template-dn.tmpl" \
+		--outfile ${TMPFILE} 2>/dev/null
+
+${DIFF} "${srcdir}/data/template-sgenerate.pem" ${TMPFILE} >/dev/null 2>&1
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 3-a non-self-signed generation failed"
+	exit ${rc}
+fi
+
+rm -f ${TMPFILE}
+
 datefudge -s "2007-04-22" \
 	"${CERTTOOL}" --generate-self-signed \
 		--load-privkey "${srcdir}/data/template-test.key" \