From 46cd5a7d9434ed104093152bdf0a55404e6a1c6b Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 5 Oct 2021 11:04:10 -0400 Subject: [PATCH] Update csrgen test to understand OpenSSL 3.0.0 output OpenSSL 3.0.0 change a lot of output messages. When verifying a certificate instead of printing just "verify OK" it prints "Certificate request self-signature verify OK" Modify the check to match both OpenSSL 1.x and 3.x Related: https://pagure.io/certmonger/issue/223 Signed-off-by: Rob Crittenden --- tests/003-csrgen-ec/run.sh | 4 ++-- tests/003-csrgen-rsa/run.sh | 4 ++-- tests/003-csrgen/run.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/003-csrgen-ec/run.sh b/tests/003-csrgen-ec/run.sh index 91117ec8..7c0505f8 100755 --- a/tests/003-csrgen-ec/run.sh +++ b/tests/003-csrgen-ec/run.sh @@ -42,8 +42,8 @@ grep ^minicert= entry.nss.$size | sed s,^minicert=,, | base64 -d > minicert.nss. openssl x509 -out minicert.nss.$size.pem -in minicert.nss.$size -inform der # The RSA tests already verify the contents of the requests, so we really only # need to care about the signatures passing verification. -openssl req -verify -noout < csr.nss.$size 2>&1 -openssl req -verify -noout < csr.openssl.$size 2>&1 +openssl req -verify -noout -noenc < csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //' +openssl req -verify -noout -noenc < csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //' openssl spkac -verify -noout < spkac.nss.$size 2>&1 openssl spkac -verify -noout < spkac.openssl.$size 2>&1 openssl verify -CAfile minicert.openssl.$size.pem minicert.openssl.$size.pem 2>&1 diff --git a/tests/003-csrgen-rsa/run.sh b/tests/003-csrgen-rsa/run.sh index bb8ebecb..4f0c0ef0 100755 --- a/tests/003-csrgen-rsa/run.sh +++ b/tests/003-csrgen-rsa/run.sh @@ -118,14 +118,14 @@ iterate() { echo key_pubkey=616263 >> entry.openssl.$size $toolsdir/csrgen entry.nss.$size > csr.nss.$size # Both should verify. - if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout 2>&1`" != "verify OK" ; then + if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout -noenc 2>&1 | grep -c "verify OK"`" != "1" ; then echo Signature failed for OpenSSL: cat csr.openssl.$size echo Private key: awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size exit 1 fi - if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout 2>&1`" != "verify OK" ; then + if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout -noenc 2>&1 | grep -c "verify OK"`" != "1" ; then echo Signature failed for NSS: cat csr.nss.$size echo Private key: diff --git a/tests/003-csrgen/run.sh b/tests/003-csrgen/run.sh index d3dfbaf0..093beabf 100755 --- a/tests/003-csrgen/run.sh +++ b/tests/003-csrgen/run.sh @@ -170,14 +170,14 @@ iterate() { echo key_pubkey=616263 >> entry.openssl.$size $toolsdir/csrgen entry.nss.$size > csr.nss.$size # Both should verify. - if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout 2>&1`" != "verify OK" ; then + if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout -noenc 2>&1 | grep -c "verify OK"`" != "1" ; then echo Signature failed for OpenSSL: cat csr.openssl.$size echo Private key: awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size exit 1 fi - if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout 2>&1`" != "verify OK" ; then + if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout -noenc 2>&1 | grep -c "verify OK"`" != "1" ; then echo Signature failed for NSS: cat csr.nss.$size echo Private key: -- 2.31.1