rpms/certmonger
7
0
Fork 0
Code Issues Pull Requests Releases Activity
fc56142137
certmonger/SOURCES/0007-Update-csrgen-test-to-understand-OpenSSL-3.0.0-outpu.patch
CentOS Sources fc56142137 import certmonger-0.79.14-5.el9
2022-01-11 18:02:37 +00:00

81 lines
3.7 KiB
Diff
Raw Blame History

From 46cd5a7d9434ed104093152bdf0a55404e6a1c6b Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 5 Oct 2021 11:04:10 -0400
Subject: [PATCH] Update csrgen test to understand OpenSSL 3.0.0 output
OpenSSL 3.0.0 change a lot of output messages. When verifying
a certificate instead of printing just "verify OK" it prints
"Certificate request self-signature verify OK"
Modify the check to match both OpenSSL 1.x and 3.x
Related: https://pagure.io/certmonger/issue/223
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
tests/003-csrgen-ec/run.sh | 4 ++--
tests/003-csrgen-rsa/run.sh | 4 ++--
tests/003-csrgen/run.sh | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/tests/003-csrgen-ec/run.sh b/tests/003-csrgen-ec/run.sh
index 91117ec8..7c0505f8 100755
--- a/tests/003-csrgen-ec/run.sh
+++ b/tests/003-csrgen-ec/run.sh
@@ -42,8 +42,8 @@ grep ^minicert= entry.nss.$size | sed s,^minicert=,, | base64 -d > minicert.nss.
openssl x509 -out minicert.nss.$size.pem -in minicert.nss.$size -inform der
# The RSA tests already verify the contents of the requests, so we really only
# need to care about the signatures passing verification.
-openssl req -verify -noout < csr.nss.$size 2>&1
-openssl req -verify -noout < csr.openssl.$size 2>&1
+openssl req -verify -noout -noenc < csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //'
+openssl req -verify -noout -noenc < csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //'
openssl spkac -verify -noout < spkac.nss.$size 2>&1
openssl spkac -verify -noout < spkac.openssl.$size 2>&1
openssl verify -CAfile minicert.openssl.$size.pem minicert.openssl.$size.pem 2>&1
diff --git a/tests/003-csrgen-rsa/run.sh b/tests/003-csrgen-rsa/run.sh
index bb8ebecb..4f0c0ef0 100755
--- a/tests/003-csrgen-rsa/run.sh
+++ b/tests/003-csrgen-rsa/run.sh
@@ -118,14 +118,14 @@ iterate() {
echo key_pubkey=616263 >> entry.openssl.$size
$toolsdir/csrgen entry.nss.$size > csr.nss.$size
# Both should verify.
- if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout 2>&1`" != "verify OK" ; then
+ if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout -noenc 2>&1 | grep -c "verify OK"`" != "1" ; then
echo Signature failed for OpenSSL:
cat csr.openssl.$size
echo Private key:
awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size
exit 1
fi
- if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout 2>&1`" != "verify OK" ; then
+ if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout -noenc 2>&1 | grep -c "verify OK"`" != "1" ; then
echo Signature failed for NSS:
cat csr.nss.$size
echo Private key:
diff --git a/tests/003-csrgen/run.sh b/tests/003-csrgen/run.sh
index d3dfbaf0..093beabf 100755
--- a/tests/003-csrgen/run.sh
+++ b/tests/003-csrgen/run.sh
@@ -170,14 +170,14 @@ iterate() {
echo key_pubkey=616263 >> entry.openssl.$size
$toolsdir/csrgen entry.nss.$size > csr.nss.$size
# Both should verify.
- if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout 2>&1`" != "verify OK" ; then
+ if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout -noenc 2>&1 | grep -c "verify OK"`" != "1" ; then
echo Signature failed for OpenSSL:
cat csr.openssl.$size
echo Private key:
awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size
exit 1
fi
- if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout 2>&1`" != "verify OK" ; then
+ if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout -noenc 2>&1 | grep -c "verify OK"`" != "1" ; then
echo Signature failed for NSS:
cat csr.nss.$size
echo Private key:
--
2.31.1
Reference in New Issue View Git Blame Copy Permalink