e859029ea0
Resolves: rhbz#2092456
213 lines
11 KiB
Diff
213 lines
11 KiB
Diff
diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
|
|
index 1fa449d5a098..6aa9455f09ed 100644
|
|
--- a/test/certs/embeddedSCTs1_issuer.pem
|
|
+++ b/test/certs/embeddedSCTs1_issuer.pem
|
|
@@ -1,18 +1,18 @@
|
|
-----BEGIN CERTIFICATE-----
|
|
-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
|
|
+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
|
|
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
|
|
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
|
|
-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
|
|
-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
|
|
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
|
|
-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
|
|
-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
|
|
-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
|
|
-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
|
|
-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
|
|
-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
|
|
-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
|
|
-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
|
|
-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
|
|
-OwqULg==
|
|
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
|
|
+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
|
|
+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
|
|
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
|
|
+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
|
|
+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
|
|
+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
|
|
+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
|
|
+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
|
|
+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
|
|
+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
|
|
++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
|
|
+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
|
|
+Doud4XrO
|
|
-----END CERTIFICATE-----
|
|
diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem
|
|
index 5677ac6c9f6a..70ce71e43091 100644
|
|
--- a/test/certs/sm2-ca-cert.pem
|
|
+++ b/test/certs/sm2-ca-cert.pem
|
|
@@ -1,14 +1,14 @@
|
|
-----BEGIN CERTIFICATE-----
|
|
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
|
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
|
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
|
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
|
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
|
|
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
|
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
|
|
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
|
|
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
|
|
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
|
|
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
|
|
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
|
|
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
|
|
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
|
|
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
|
|
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
|
|
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
|
|
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
|
|
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
|
|
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
|
|
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
|
|
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
|
|
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
|
|
-----END CERTIFICATE-----
|
|
diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt
|
|
index 5677ac6c9f6a..70ce71e43091 100644
|
|
--- a/test/certs/sm2-root.crt
|
|
+++ b/test/certs/sm2-root.crt
|
|
@@ -1,14 +1,14 @@
|
|
-----BEGIN CERTIFICATE-----
|
|
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
|
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
|
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
|
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
|
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
|
|
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
|
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
|
|
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
|
|
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
|
|
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
|
|
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
|
|
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
|
|
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
|
|
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
|
|
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
|
|
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
|
|
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
|
|
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
|
|
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
|
|
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
|
|
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
|
|
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
|
|
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
|
|
-----END CERTIFICATE-----
|
|
diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem
|
|
index 189abb137625..daf12926aff9 100644
|
|
--- a/test/certs/sm2.pem
|
|
+++ b/test/certs/sm2.pem
|
|
@@ -1,13 +1,14 @@
|
|
-----BEGIN CERTIFICATE-----
|
|
-MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
|
-AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
|
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
|
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw
|
|
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
|
-MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw
|
|
-WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE
|
|
-TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ
|
|
-BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT
|
|
-TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH
|
|
-OZOfmtx613VyzXwc
|
|
+MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw
|
|
+aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER
|
|
+MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl
|
|
+c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw
|
|
+CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD
|
|
+VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT
|
|
+TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt
|
|
+SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN
|
|
+v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl
|
|
+u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/
|
|
+Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9
|
|
+/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg==
|
|
-----END CERTIFICATE-----
|
|
diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh
|
|
index 12e8a7305402..109b9c4abc28 100644
|
|
--- a/test/smime-certs/mksmime-certs.sh
|
|
+++ b/test/smime-certs/mksmime-certs.sh
|
|
@@ -15,23 +15,23 @@ export OPENSSL_CONF
|
|
|
|
# Root CA: create certificate directly
|
|
CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \
|
|
- -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650
|
|
+ -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501
|
|
|
|
# EE RSA certificates: create request first
|
|
CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \
|
|
-keyout smrsa1.pem -out req.pem -newkey rsa:2048
|
|
# Sign request: end entity extensions
|
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem
|
|
|
|
CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \
|
|
-keyout smrsa2.pem -out req.pem -newkey rsa:2048
|
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem
|
|
|
|
CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \
|
|
-keyout smrsa3.pem -out req.pem -newkey rsa:2048
|
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem
|
|
|
|
# Create DSA parameters
|
|
@@ -40,15 +40,15 @@ $OPENSSL dsaparam -out dsap.pem 2048
|
|
|
|
CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \
|
|
-keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem
|
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem
|
|
CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \
|
|
-keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem
|
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem
|
|
CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \
|
|
-keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem
|
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem
|
|
|
|
# Create EC parameters
|
|
@@ -58,16 +58,17 @@ $OPENSSL ecparam -out ecp2.pem -name K-283
|
|
|
|
CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \
|
|
-keyout smec1.pem -out req.pem -newkey ec:ecp.pem
|
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem
|
|
CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \
|
|
-keyout smec2.pem -out req.pem -newkey ec:ecp2.pem
|
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem
|
|
-CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
|
|
- -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
|
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
|
|
+# Do not renew this cert as it is used for legacy data decrypt test
|
|
+#CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
|
|
+# -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
|
|
+#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
+# -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
|
|
# Create X9.42 DH parameters.
|
|
$OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem
|
|
# Generate X9.42 DH key.
|
|
@@ -77,7 +78,7 @@ $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem
|
|
CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \
|
|
-keyout smtmp.pem -out req.pem -newkey rsa:2048
|
|
# Sign request but force public key to DH
|
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
-force_pubkey dhpub.pem \
|
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem
|
|
# Remove temp files.
|