mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-25 00:31:05 +00:00
Generate server1* CRTs and CSRs through Mbed TLS applications
Previously, CSRs and CRTs from the server1* family in tests/data_files were generated through OpenSSL. This commit changes the build instructions to use Mbed TLS' example applications programs/x509/cert_write and programs/x509/cert_req instead.
parent
56e84632ef
commit
50cb93a04c
|
@ -14,6 +14,8 @@
|
||||||
OPENSSL ?= openssl
|
OPENSSL ?= openssl
|
||||||
FAKETIME ?= faketime
|
FAKETIME ?= faketime
|
||||||
MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
|
MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
|
||||||
|
MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req
|
||||||
|
|
||||||
|
|
||||||
## Build the generated test data. Note that since the final outputs
|
## Build the generated test data. Note that since the final outputs
|
||||||
## are committed to the repository, this target should do nothing on a
|
## are committed to the repository, this target should do nothing on a
|
||||||
|
@ -714,6 +716,50 @@ ec_prv.pk8param.pem: ec_prv.pk8param.der
|
||||||
$(OPENSSL) pkey -in $< -inform DER -out $@
|
$(OPENSSL) pkey -in $< -inform DER -out $@
|
||||||
all_final += ec_prv.pk8param.pem
|
all_final += ec_prv.pk8param.pem
|
||||||
|
|
||||||
|
################################################################
|
||||||
|
### Generate CSRs for X.509 write test suite
|
||||||
|
################################################################
|
||||||
|
|
||||||
|
server1.req.sha1: server1.key
|
||||||
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
|
||||||
|
all_final += server1.req.sha1
|
||||||
|
|
||||||
|
server1.req.md4: server1.key
|
||||||
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD4
|
||||||
|
all_final += server1.req.md4
|
||||||
|
|
||||||
|
server1.req.md5: server1.key
|
||||||
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
|
||||||
|
all_final += server1.req.md5
|
||||||
|
|
||||||
|
server1.req.sha224: server1.key
|
||||||
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224
|
||||||
|
all_final += server1.req.sha224
|
||||||
|
|
||||||
|
server1.req.sha256: server1.key
|
||||||
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
|
||||||
|
all_final += server1.req.sha256
|
||||||
|
|
||||||
|
server1.req.sha384: server1.key
|
||||||
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
|
||||||
|
all_final += server1.req.sha384
|
||||||
|
|
||||||
|
server1.req.sha512: server1.key
|
||||||
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512
|
||||||
|
all_final += server1.req.sha512
|
||||||
|
|
||||||
|
server1.req.cert_type: server1.key
|
||||||
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
|
||||||
|
all_final += server1.req.cert_type
|
||||||
|
|
||||||
|
server1.req.key_usage: server1.key
|
||||||
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
|
||||||
|
all_final += server1.req.key_usage
|
||||||
|
|
||||||
|
server1.req.ku-ct: server1.key
|
||||||
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
|
||||||
|
all_final += server1.req.ku-ct
|
||||||
|
|
||||||
################################################################
|
################################################################
|
||||||
### Generate certificates for CRT write check tests
|
### Generate certificates for CRT write check tests
|
||||||
################################################################
|
################################################################
|
||||||
|
@ -730,36 +776,34 @@ test_ca_server1_db = test-ca.server1.db
|
||||||
test_ca_server1_serial = test-ca.server1.serial
|
test_ca_server1_serial = test-ca.server1.serial
|
||||||
test_ca_server1_config_file = test-ca.server1.opensslconf
|
test_ca_server1_config_file = test-ca.server1.opensslconf
|
||||||
|
|
||||||
server1.csr: server1.key server1_csr.opensslconf
|
# server1*
|
||||||
$(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new
|
|
||||||
all_final += server1.csr
|
|
||||||
|
|
||||||
server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
|
||||||
server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
|
||||||
server1.der: server1.crt
|
server1.der: server1.crt
|
||||||
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
all_final += server1.crt server1.noauthid.crt server1.der
|
all_final += server1.crt server1.noauthid.crt server1.der
|
||||||
|
|
||||||
server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
|
||||||
server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
|
||||||
server1.key_usage.der: server1.key_usage.crt
|
server1.key_usage.der: server1.key_usage.crt
|
||||||
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
|
all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
|
||||||
|
|
||||||
server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
|
||||||
server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
|
||||||
server1.cert_type.der: server1.cert_type.crt
|
server1.cert_type.der: server1.cert_type.crt
|
||||||
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
|
all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
|
||||||
|
|
||||||
server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@
|
||||||
server1.v1.der: server1.v1.crt
|
server1.v1.der: server1.v1.crt
|
||||||
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
all_final += server1.v1.crt server1.v1.der
|
all_final += server1.v1.crt server1.v1.der
|
||||||
|
@ -767,11 +811,11 @@ all_final += server1.v1.crt server1.v1.der
|
||||||
# OpenSSL-generated certificates for comparison
|
# OpenSSL-generated certificates for comparison
|
||||||
# Also provide certificates in DER format to allow
|
# Also provide certificates in DER format to allow
|
||||||
# direct binary comparison using e.g. dumpasn1
|
# direct binary comparison using e.g. dumpasn1
|
||||||
server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
|
server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
|
||||||
echo "01" > $(test_ca_server1_serial)
|
echo "01" > $(test_ca_server1_serial)
|
||||||
rm -f $(test_ca_server1_db)
|
rm -f $(test_ca_server1_db)
|
||||||
touch $(test_ca_server1_db)
|
touch $(test_ca_server1_db)
|
||||||
$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@
|
$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@
|
||||||
server1.der.openssl: server1.crt.openssl
|
server1.der.openssl: server1.crt.openssl
|
||||||
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
server1.key_usage.der.openssl: server1.key_usage.crt.openssl
|
server1.key_usage.der.openssl: server1.key_usage.crt.openssl
|
||||||
|
@ -779,15 +823,15 @@ server1.key_usage.der.openssl: server1.key_usage.crt.openssl
|
||||||
server1.cert_type.der.openssl: server1.cert_type.crt.openssl
|
server1.cert_type.der.openssl: server1.cert_type.crt.openssl
|
||||||
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
|
||||||
server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
|
server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
|
||||||
echo "01" > $(test_ca_server1_serial)
|
echo "01" > $(test_ca_server1_serial)
|
||||||
rm -f $(test_ca_server1_db)
|
rm -f $(test_ca_server1_db)
|
||||||
touch $(test_ca_server1_db)
|
touch $(test_ca_server1_db)
|
||||||
$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@
|
$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@
|
||||||
server1.v1.der.openssl: server1.v1.crt.openssl
|
server1.v1.der.openssl: server1.v1.crt.openssl
|
||||||
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
|
||||||
server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
|
server1_all: server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
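Review bot: `MBEDTLS_CERT_REQ` in the first hunk is built from `$(PWD)`, which GNU make inherits from the caller's environment and does not update for `make -C`, so the `server1.req.*` recipes added in the second hunk can resolve `cert_req` relative to the wrong directory, or fail to find it. Because the outputs of these rules are committed to the repository as test data, the tool path should come from make's own working directory: `MBEDTLS_CERT_REQ ?= $(CURDIR)/../../programs/x509/cert_req`. The unchanged `MBEDTLS_CERT_WRITE` line just above it has the same form and would want the same change for consistency.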