[glib-networking/wip/danw/sni: 1/3] tls/tests: improve the create-files.sh script

From: Dan Winship <danw src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib-networking/wip/danw/sni: 1/3] tls/tests: improve the create-files.sh script
Date: Wed, 31 May 2017 19:03:57 +0000 (UTC)

commit 39d8b7592ee5916ba414e4c7096ca8c8d737ab6d
Author: Dan Winship <danw gnome org>
Date:   Thu Dec 11 22:39:39 2014 +0100

    tls/tests: improve the create-files.sh script
    
    Make create-files.sh regenerate ca-roots.pem and ca-roots-bad.pem as
    well, and make the remaining "fix stuff up" message more generic.
    
    Also, make it remove the csr files after running, since they're not
    needed after that (and delete the two that accidentally got
    committed).

 tls/tests/files/create-files.sh             |   24 ++++++++++++++++--------
 tls/tests/files/intermediate-ca-csr.pem     |   12 ------------
 tls/tests/files/server-intermediate-csr.pem |    9 ---------
 3 files changed, 16 insertions(+), 29 deletions(-)
---
diff --git a/tls/tests/files/create-files.sh b/tls/tests/files/create-files.sh
index 9b4a737..35aa38d 100755
--- a/tls/tests/files/create-files.sh
+++ b/tls/tests/files/create-files.sh
@@ -16,13 +16,9 @@ echo "a couple of certificates (sudo password will be requested). This"
 echo "is because it uses the OpenSSL x509 utility instead of the ca"
 echo "utility which allows to set a starting date for the certificates."
 echo
-echo "A few manual changes need to be made. The first certificate"
-echo "in ca-roots.pem and ca-roots-bad.pem need to be replaced by"
-echo "the contents of ca.pem."
-echo
-echo "Also, file-database.c:test_lookup_certificates_issued_by has"
-echo "an ISSUER variable that needs to be changed by the CA identifier"
-echo "(read the comment in that function)."
+echo "If you change this script, run 'make check' afterward, as some"
+echo "of the tests depend on things like exactly how many certificates"
+echo "are in each file."
 echo
 echo "                   *** IMPORTANT ***"
 echo
@@ -41,6 +37,17 @@ openssl genrsa -out ca-key.pem 1024
 msg "Creating CA certificate"
 openssl req -x509 -new -config ssl/ca.conf -days 10950 -key ca-key.pem -out ca.pem
 
+msg "Updating ca-roots.pem and ca-roots-bad.pem"
+(awk '/BEGIN/ { ended=1; } { if (!ended) { print; } }' ca-roots.pem;
+    cat ca.pem
+    awk '{ if (started) { print; } } /END/ { started=1; }' ca-roots.pem) > ca-roots.pem.new
+mv ca-roots.pem.new ca-roots.pem
+
+(awk '/BEGIN/ { ended=1; } { if (!ended) { print; } }' ca-roots-bad.pem;
+    cat ca.pem
+    awk '{ if (started) { print; } } /END/ { started=1; }' ca-roots-bad.pem) > ca-roots-bad.pem.new
+mv ca-roots-bad.pem.new ca-roots-bad.pem
+
 #######################################################################
 ### Server
 #######################################################################
@@ -159,6 +166,7 @@ cat ca.pem >> chain.pem
 ### Cleanup
 #######################################################################
 
-# We don't need the serial files anymore
+# We don't need the serial files or CSRs anymore
 rm -f serial
 rm -f intermediate-serial
+rm -f *-csr.pem

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]