author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-05-20 14:40:31 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-05-20 21:37:13 +0200 |
commit | b2e7ed0b5d2ee90874a66fc9a054812155e50448 (patch) | |
tree | 1930e8b9ce8bc25fce85b09de2be928ef41c097a /tests/suite | |
parent | 45e2c62020c272ec9ef44057edcc4261969b5256 (diff) | |
Added profile to correspond to the future security parameter
It seems that the FUTURE security level parameter was added
without a corresponding verification profile. This patch addresses
the issue by introducing it.
Resolves: #770
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/suite')
-rwxr-xr-x | tests/suite/certs/create-chain.sh | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/tests/suite/certs/create-chain.sh b/tests/suite/certs/create-chain.sh
index 494a5d92e5..c616189e63 100755
--- a/tests/suite/certs/create-chain.sh
+++ b/tests/suite/certs/create-chain.sh
@@ -16,6 +16,11 @@ LAST=`expr ${NUM} - 1`
 rm -rf "${OUTPUT}"
 mkdir -p "${OUTPUT}"
+#KEY_TYPE_ROOT="--key-type rsa-pss --bits 2048 --hash sha384 --salt-size 64"
+KEY_TYPE_ROOT="--key-type ecdsa --curve secp521r1"
+KEY_TYPE_SUBCA="--key-type rsa-pss --bits 2048 --hash sha256 --salt-size 64"
+KEY_TYPE="--key-type ecdsa --curve secp521r1"
+
 counter=0
 while test ${counter} -lt ${NUM}; do
 if test ${counter} = ${LAST}; then
@@ -25,7 +30,7 @@ while test ${counter} -lt ${NUM}; do
 fi
 if test ${counter} = 0; then
- "${CERTTOOL}" --key-type rsa-pss --bits 2048 --hash sha256 --salt-size 64 --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
+ "${CERTTOOL}" ${KEY_TYPE} --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
 # ROOT CA
 echo "cn = ${name}" >"${TEMPLATE}"
 echo "ca" >>"${TEMPLATE}"
@@ -40,7 +45,7 @@ while test ${counter} -lt ${NUM}; do
 "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null
 else
 if test ${counter} = ${LAST}; then
- "${CERTTOOL}" --key-type rsa --bits 2048 --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
+ "${CERTTOOL}" ${KEY_TYPE} --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
 # END certificate
 echo "cn = ${name}" >"${TEMPLATE}"
 echo "dns_name = localhost" >>"${TEMPLATE}"
@@ -52,7 +57,7 @@ while test ${counter} -lt ${NUM}; do
 --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
 --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" -d 4 #2>/dev/null
 else
- "${CERTTOOL}" --key-type rsa-pss --bits 2048 --hash sha384 --salt-size 48 --generate-privkey >"${OUTPUT}/${name}.key" -d 4 #2>/dev/null
+ "${CERTTOOL}" ${KEY_TYPE_SUBCA} --generate-privkey >"${OUTPUT}/${name}.key" -d 4 #2>/dev/null
 # intermediate CA
 echo "cn = ${name}" >"${TEMPLATE}"
 echo "ca" >>"${TEMPLATE}"
|
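Review bot: `KEY_TYPE_ROOT` is assigned in the first hunk but never read in the visible hunks: the root-CA branch in the second hunk (`if test ${counter} = 0`) generates its key with `${KEY_TYPE}`. Both variables hold `--key-type ecdsa --curve secp521r1` today, so the output is unchanged, but switching `KEY_TYPE_ROOT` to the commented-out RSA-PSS alternative would silently leave the root key as it is. The root branch should read `"${CERTTOOL}" ${KEY_TYPE_ROOT} --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null`, or the unused assignment should go. The enclosing while loop starts and ends outside these hunks.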
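Review bot: The intermediate-CA key parameters change in the last hunk without a stated reason: the removed line used `--hash sha384 --salt-size 48`, while `${KEY_TYPE_SUBCA}` expands to `--hash sha256 --salt-size 64` on the same 2048-bit RSA-PSS key. The generated chain therefore puts a 2048-bit RSA key (commonly rated at about 112 bits of strength) between secp521r1 root and leaf keys, and a chain verifies no stronger than its weakest key; whether the tests expect the new profile to accept or reject such a chain is not visible here. A comment above the assignment would make that reviewable, e.g. `# sub-CAs stay on 2048-bit RSA-PSS on purpose: <expected verification result under each profile>`. The surrounding if/else starts and ends outside the hunk.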