diff options
| author | Todd Short <tshort@akamai.com> | 2022-07-21 09:45:52 -0400 |
|---|---|---|
| committer | Todd Short <todd.short@me.com> | 2022-07-22 13:47:03 -0400 |
| commit | 29fcd2e79ef739ff9211edd88d99ba03dd201299 (patch) | |
| tree | 05200305a78f8d9bab6ce36f555370ed87ede9a2 /test | |
| parent | 93429fc0ce9468242a463ff5878cd53b97e7f13f (diff) | |
| download | openssl-new-29fcd2e79ef739ff9211edd88d99ba03dd201299.tar.gz | |
Add test from "Fix re-signing certificates with different key sizes"
Tests for #16080 and #18836
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18841)
Diffstat (limited to 'test')
| -rw-r--r-- | test/recipes/25-test_x509.t | 57 |
1 files changed, 56 insertions, 1 deletions
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index 67abee1028..9e1cc0368e 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_x509"); -plan tests => 21; +plan tests => 28; # Prevent MSys2 filename munging for arguments that look like file paths but # aren't @@ -146,3 +146,58 @@ ok(run(app(["openssl", "x509", "-noout", "-dates", "-dateopt", "iso_8601", ok(!run(app(["openssl", "x509", "-noout", "-dates", "-dateopt", "invalid_format", "-in", srctop_file("test/certs", "ca-cert.pem")])), "Run with invalid -dateopt format"); + +# extracts issuer from a -text formatted-output +sub get_issuer { + my $f = shift(@_); + my $issuer = ""; + open my $fh, $f or die; + while (my $line = <$fh>) { + if ($line =~ /Issuer:/) { + $issuer = $line; + } + } + close $fh; + return $issuer; +} + +# Tests for signing certs (broken in 1.1.1o) +my $a_key = "a-key.pem"; +my $a_cert = "a-cert.pem"; +my $a2_cert = "a2-cert.pem"; +my $ca_key = "ca-key.pem"; +my $ca_cert = "ca-cert.pem"; +my $cnf = srctop_file('apps', 'openssl.cnf'); + +# Create cert A +ok(run(app(["openssl", "req", "-x509", "-newkey", "rsa:2048", + "-config", $cnf, + "-keyout", $a_key, "-out", $a_cert, "-days", "365", + "-nodes", "-subj", "/CN=test.example.com"]))); +# Create cert CA - note key size +ok(run(app(["openssl", "req", "-x509", "-newkey", "rsa:4096", + "-config", $cnf, + "-keyout", $ca_key, "-out", $ca_cert, "-days", "3650", + "-nodes", "-subj", "/CN=ca.example.com"]))); +# Sign cert A with CA (errors on 1.1.1o) +ok(run(app(["openssl", "x509", "-in", $a_cert, "-CA", $ca_cert, + "-CAkey", $ca_key, "-set_serial", "1234567890", + "-preserve_dates", "-sha256", "-text", "-out", $a2_cert]))); +# verify issuer is CA +ok (get_issuer($a2_cert) =~ /CN=ca.example.com/); + +# Tests for issue #16080 (fixed in 1.1.1o) +my $b_key = "b-key.pem"; +my $b_csr = "b-cert.csr"; +my $b_cert = "b-cert.pem"; +# Create the CSR +ok(run(app(["openssl", "req", "-new", "-newkey", "rsa:4096", + "-keyout", $b_key, "-out", $b_csr, "-nodes", + "-config", $cnf, + "-subj", "/CN=b.example.com"]))); +# Sign it - position of "-text" matters! +ok(run(app(["openssl", "x509", "-req", "-text", "-CAcreateserial", + "-CA", $ca_cert, "-CAkey", $ca_key, + "-in", $b_csr, "-out", $b_cert]))); +# Verify issuer is CA +ok(get_issuer($b_cert) =~ /CN=ca.example.com/); |