Certtool completely relies on libopts. As a side-effect the syntax of dn_oid and key_purpose_oids has changed.

5 files changed, 255 insertions, 3 deletions

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 81042b9f0a..f338f07ef8 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -19,10 +19,11 @@
 # along with this file; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem
+EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \
+	template-test.key template-test.pem    
 
-dist_check_SCRIPTS = pathlen aki
+dist_check_SCRIPTS = pathlen aki template-test
 
-TESTS = pathlen aki
+TESTS = pathlen aki template-test
 
 TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT)
diff --git a/tests/cert-tests/template-test b/tests/cert-tests/template-test
new file mode 100755
index 0000000000..55921526c1
--- /dev/null
+++ b/tests/cert-tests/template-test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -e
+
+srcdir=${srcdir:-.}
+CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
+
+if ! test -x /usr/bin/datefudge;then
+  echo "You need datefudge to run this test"
+  exit 77
+fi
+
+datefudge "2007-04-22" $CERTTOOL --generate-self-signed --load-privkey $srcdir/template-test.key \
+	--template template-test.tmpl --outfile tmp-tt.pem 2>/dev/null
+
+diff $srcdir/template-test.pem tmp-tt.pem
+rc=$?
+
+rm -f tmp-tt.pem
+
+# We're done.
+if test "$rc" != "0"; then
+  exit $rc
+fi
+
+exit 0
diff --git a/tests/cert-tests/template-test.key b/tests/cert-tests/template-test.key
new file mode 100644
index 0000000000..3b5886d5c6
--- /dev/null
+++ b/tests/cert-tests/template-test.key
@@ -0,0 +1,86 @@
+Public Key Info:
+	Public Key Algorithm: RSA
+	Key Security Level: Low
+
+modulus:
+	00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:
+	59:f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:
+	86:8b:05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:
+	4a:38:f7:33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:
+	70:10:fb:42:e9:d8:9d:18:65:7e:19:49:fc:05:96:
+	04:68:83:1e:77:86:bf:ed:f5:e5:12:3b:13:fe:33:
+	18:9c:1a:7a:1d:69:af:47:02:60:7a:1f:b9:e8:cf:
+	db:c8:34:30:51:96:3d:8c:96:5c:00:bc:61:de:08:
+	0f:b1:36:21:7f:a9:00:e3:05:
+public exponent:
+	01:00:01:
+private exponent:
+	00:a0:b7:b2:57:6b:83:1a:4f:01:05:53:3f:79:0c:
+	e7:bf:0e:03:4a:0b:e5:b6:b5:76:9d:bf:c7:77:d8:
+	8f:00:de:ed:77:21:31:3c:4d:77:f3:8e:aa:8e:9e:
+	9c:b2:c7:ae:1d:2c:61:c3:60:ff:59:4e:05:c9:61:
+	56:cb:8f:dd:58:eb:b0:40:f8:dd:8d:02:c5:aa:19:
+	3d:fd:b5:89:6f:f8:88:5a:5d:fd:69:8a:21:76:76:
+	9e:c9:fa:50:5f:95:50:3e:b1:79:0d:ce:40:52:e6:
+	08:83:13:ee:a0:a5:69:8d:4c:3e:43:e5:4e:94:82:
+	a1:10:51:a6:92:fc:d3:f9:ad:
+prime1:
+	00:d3:29:62:57:21:b8:17:ad:3e:22:d1:1c:ce:8f:
+	66:f7:67:8d:fd:47:64:99:96:5f:e0:0f:3c:cf:5d:
+	48:3f:17:94:72:4d:5e:d4:eb:4e:41:41:dd:62:56:
+	13:08:86:e8:94:1e:66:04:18:68:44:39:cc:60:6e:
+	90:b0:b6:cb:07:
+prime2:
+	00:c8:fa:51:7c:f2:60:97:41:5c:d0:9f:b6:55:a7:
+	db:a7:3f:b4:6e:cc:bf:a7:b1:09:3a:bb:55:52:23:
+	57:15:60:32:2a:c4:49:8b:ad:02:12:8d:df:aa:4e:
+	bf:b6:37:b9:41:59:d8:17:f5:08:b2:f9:aa:35:30:
+	b1:55:99:c2:93:
+coefficient:
+	56:f4:fd:a3:36:0a:fc:f8:79:7e:86:84:69:b9:6e:
+	51:6f:11:bb:d7:7e:ba:0a:aa:9a:3f:22:70:5c:42:
+	a4:fe:96:3f:6d:61:db:0e:56:50:a9:ad:53:a5:a8:
+	d4:e2:8f:ca:5c:5d:0c:88:7d:b5:17:7d:58:73:37:
+	7d:1e:1e:04:
+exp1:
+	00:90:ec:5f:3c:f3:bc:78:2b:83:70:bb:da:2c:7e:
+	49:29:d5:9d:a2:ce:43:e2:11:4d:9d:e6:77:52:ce:
+	6f:ce:35:6d:c1:81:0e:6b:cd:4f:39:04:6e:5f:96:
+	39:9b:e9:93:68:4c:f0:b1:30:db:26:b0:10:6f:c2:
+	92:75:66:0f:33:
+exp2:
+	23:54:a5:f8:a2:1f:4a:d7:c9:ba:3f:29:6d:9b:69:
+	a8:d8:31:1e:fd:4d:7f:ec:46:64:15:c4:a5:00:e3:
+	71:35:8c:fc:29:af:88:27:6c:e2:d8:20:06:af:7b:
+	52:4c:2f:7c:06:90:4f:7d:da:fe:a3:97:41:6c:82:
+	f0:3a:6c:93:
+
+Public Key ID: 5D:40:AD:F0:CE:94:40:95:8B:7E:99:94:1D:92:54:22:CA:72:36:5F
+Public key's random art:
++--[ RSA 1032]----+
+|       .o+*=.    |
+|     . .o.+oo    |
+|    . *  =EB..   |
+|     + o.oO..    |
+|       .S=.o     |
+|        . *      |
+|         .       |
+|                 |
+|                 |
++-----------------+
+
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sq
+r4TPE5geHEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUS
+OxP+MxicGnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQAB
+AoGBAKC3sldrgxpPAQVTP3kM578OA0oL5ba1dp2/x3fYjwDe7XchMTxNd/OOqo6e
+nLLHrh0sYcNg/1lOBclhVsuP3VjrsED43Y0CxaoZPf21iW/4iFpd/WmKIXZ2nsn6
+UF+VUD6xeQ3OQFLmCIMT7qClaY1MPkPlTpSCoRBRppL80/mtAkEA0yliVyG4F60+
+ItEczo9m92eN/UdkmZZf4A88z11IPxeUck1e1OtOQUHdYlYTCIbolB5mBBhoRDnM
+YG6QsLbLBwJBAMj6UXzyYJdBXNCftlWn26c/tG7Mv6exCTq7VVIjVxVgMirESYut
+AhKN36pOv7Y3uUFZ2Bf1CLL5qjUwsVWZwpMCQQCQ7F8887x4K4Nwu9osfkkp1Z2i
+zkPiEU2d5ndSzm/ONW3BgQ5rzU85BG5fljmb6ZNoTPCxMNsmsBBvwpJ1Zg8zAkAj
+VKX4oh9K18m6Pyltm2mo2DEe/U1/7EZkFcSlAONxNYz8Ka+IJ2zi2CAGr3tSTC98
+BpBPfdr+o5dBbILwOmyTAkBW9P2jNgr8+Hl+hoRpuW5RbxG71366CqqaPyJwXEKk
+/pY/bWHbDlZQqa1TpajU4o/KXF0MiH21F31Yczd9Hh4E
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/template-test.pem b/tests/cert-tests/template-test.pem
new file mode 100644
index 0000000000..a03f76af1f
--- /dev/null
+++ b/tests/cert-tests/template-test.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnDCCAwWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix
+EjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzAN
+BgNVBAgTBkF0dGlraTEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIxMjIwMDAwWhcNMTQw
+NTI0MjIwMDAwWjCBuDELMAkGA1UEBhMCR1IxEjAQBgNVBAoTCUtva28gaW5jLjEX
+MBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzANBgNVBAgTBkF0dGlraTEVMBMGA1UE
+AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjgbMwgbAwDwYDVR0TAQH/BAUwAwEB/zAo
+BgNVHREEITAfgQ1ub25lQG5vbmUub3JngQ53aGVyZUBub25lLm9yZzATBgNVHSUE
+DDAKBggrBgEFBQcDCTAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBRdQK3wzpRA
+lYt+mZQdklQiynI2XzAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vd3d3LmdldGNy
+bC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0BAQsFAAOBgQAsb5CiRDrbnjVVdYf61tit
+YvgVHbGvJF+Pfh7wjCVI0fccI5utg4Db6BMcIsmApEiuPyT6zg3/rbfHjeI7ECsA
+dYElh+vchUfG/O7vF93rPx0SuAy1vyQNSsva4LrfI/85QurlQHXPeWzoze9QsPuw
+vY5pG1TfOd68ezbj+k3J0Q==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/template-test.tmpl b/tests/cert-tests/template-test.tmpl
new file mode 100644
index 0000000000..8acbd05396
--- /dev/null
+++ b/tests/cert-tests/template-test.tmpl
@@ -0,0 +1,97 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key