Skip to content

Add cert/CRL capabilities: skid, akid, dist point, netscape #9713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
padelsbach wants to merge 2 commits into
base: master
Choose a base branch
from
+2,798 −98
Draft

Add cert/CRL capabilities: skid, akid, dist point, netscape #9713

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
da08705
Add CRL generation code
padelsbach Dec 31, 2025
ce8d86b
Add cert/CRL capabilities: skid, akid, dist point, netscape
padelsbach Jan 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,10 @@ ecc-key.der
ecc-key.pem
certreq.der
certreq.pem
crlRsaOut.pem
crlRsaOut.der
crlEccOut.pem
crlEccOut.der
pkcs7cert.der
pkcs7authEnvelopedDataAES128GCM.der
pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der
Expand Down Expand Up @@ -470,3 +474,6 @@ wolfssl/debug-trace-error-codes.h
wolfssl/debug-untrace-error-codes.h

AGENTS.md

# Code navigation files
compile_commands.json
Binary file added certs/client-ca-cert.der
View file
Open in desktop
Binary file not shown.
92 changes: 92 additions & 0 deletions certs/client-ca-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4661 (0x1235)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = [email protected]
Validity
Not Before: Jan 24 20:31:13 2026 GMT
Not After : Oct 20 20:31:13 2028 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = [email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
ba:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Subject Key Identifier:
33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/[email protected]
serial:3F:29:11:20:57:71:E7:8E:F9:18:0D:CA:70:4D:5B:15:2A:43:D6:24
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
7f:71:41:b2:72:c1:a9:ba:c9:52:40:ea:6d:3d:3d:c0:ae:1e:
44:cd:f9:a5:d6:ac:34:5f:8b:ed:cd:91:81:0f:05:0f:5e:4b:
b3:18:bf:33:7a:61:a5:25:f1:91:55:c1:12:66:b7:26:3b:9c:
bb:21:1a:0c:72:78:88:57:fa:49:22:e7:80:2f:c1:40:01:66:
3d:20:63:e7:e3:38:a9:54:39:52:42:d2:b6:38:6b:08:7d:45:
49:1a:de:b5:64:70:c9:65:ce:0b:94:24:ee:b4:46:67:3c:74:
f0:2a:61:4d:b2:fc:6e:ca:c0:36:a9:b0:d3:5a:e2:15:72:f5:
a4:90:73:b2:37:58:b4:10:39:d3:85:5f:56:91:7e:cf:54:5d:
c6:a7:40:36:bd:ed:f2:af:e5:ce:b6:ea:38:be:47:32:6f:ed:
d2:ba:9d:70:e1:74:2e:f0:27:e4:72:53:75:43:ce:0a:07:b4:
7e:74:17:00:55:b5:d1:92:e4:42:39:ca:84:51:84:f8:23:a6:
41:27:fb:20:e2:43:e3:74:d3:ce:95:4e:1f:06:de:65:5e:e3:
38:e2:eb:f1:a6:ca:6b:7c:56:51:c0:02:1e:6e:3f:51:c1:d5:
04:c0:3d:57:56:15:65:76:a4:f4:eb:43:27:2c:c3:58:29:5c:
18:da:e8:fd
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgICEjUwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI2MDEy
NDIwMzExM1oXDTI4MTAyMDIwMzExM1owgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIw
NDgxGTAXBgNVBAsMEFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xm
c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIH
R9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sD
R5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1Eb
DKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5A
ciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqs
u/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOC
AS0wggEpMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMB0GA1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDCB1AYDVR0j
BIHMMIHJgBQnjmcRdMMmHT/tM2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMC
VVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoM
CFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29s
ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFD8pESBX
ceeO+RgNynBNWxUqQ9YkMA0GCSqGSIb3DQEBCwUAA4IBAQB/cUGycsGpuslSQOpt
PT3Arh5Ezfml1qw0X4vtzZGBDwUPXkuzGL8zemGlJfGRVcESZrcmO5y7IRoMcniI
V/pJIueAL8FAAWY9IGPn4zipVDlSQtK2OGsIfUVJGt61ZHDJZc4LlCTutEZnPHTw
KmFNsvxuysA2qbDTWuIVcvWkkHOyN1i0EDnThV9WkX7PVF3Gp0A2ve3yr+XOtuo4
vkcyb+3Sup1w4XQu8CfkclN1Q84KB7R+dBcAVbXRkuRCOcqEUYT4I6ZBJ/sg4kPj
dNPOlU4fBt5lXuM44uvxpsprfFZRwAIebj9RwdUEwD1XVhVldqT060MnLMNYKVwY
2uj9
-----END CERTIFICATE-----
Binary file added certs/client-ecc-ca-cert.der
View file
Open in desktop
Binary file not shown.
54 changes: 54 additions & 0 deletions certs/client-ecc-ca-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4660 (0x1234)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = [email protected]
Validity
Not Before: Jan 24 20:12:22 2026 GMT
Not After : Oct 20 20:12:22 2028 GMT
Subject: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = [email protected]
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22:
5f:c7:5d:7f:b4
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
X509v3 Authority Key Identifier:
56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:45:02:21:00:9d:4d:72:4a:fb:f7:19:96:e3:d3:c2:75:ed:
b5:39:18:44:e7:61:7d:5e:31:d0:3c:eb:45:b3:6f:38:68:f9:
1d:02:20:57:c1:19:e8:c8:8a:14:e7:37:d1:93:b3:46:f5:eb:
8f:24:31:6c:78:d7:cd:b7:c9:8e:09:54:6e:4d:3b:7b:7b
-----BEGIN CERTIFICATE-----
MIICizCCAjGgAwIBAgICEjQwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI2MDEy
NDIwMTIyMloXDTI4MTAyMDIwMTIyMlowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQI
DAZPcmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0w
CwYDVQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AARVv/QPRFCaPc6bt/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbM
Aam99nUaQve9qbI2Il/HXX+0o3UwczAdBgNVHQ4EFgQU69RLWWuVYT9RV7YETYlB
iERcq/IwHwYDVR0jBBgwFoAUVo6aw/BC3hi5RVVu+ZPP6sPzpSEwDAYDVR0TAQH/
BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCgYIKoZI
zj0EAwIDSAAwRQIhAJ1Nckr79xmW49PCde21ORhE52F9XjHQPOtFs284aPkdAiBX
wRnoyIoU5zfRk7NG9euPJDFseNfNt8mOCVRuTTt7ew==
-----END CERTIFICATE-----
5 changes: 4 additions & 1 deletion certs/include.am
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,9 @@ EXTRA_DIST += \
certs/ecc-client-keyPub.pem \
certs/empty-issuer-cert.pem \
certs/client-ecc-cert.pem \
certs/client-ecc-ca-cert.pem \
certs/client-ca.pem \
certs/client-ca-cert.pem \
certs/dh2048.pem \
certs/server-cert.pem \
certs/server-ecc.pem \
Expand Down Expand Up @@ -91,6 +93,8 @@ EXTRA_DIST += \
certs/client-cert.der \
certs/client-key.der \
certs/client-ecc-cert.der \
certs/client-ecc-ca-cert.der \
certs/client-ca-cert.der \
certs/client-keyPub.der \
certs/client-keyPub.pem \
certs/dh2048.der \
Expand Down Expand Up @@ -154,4 +158,3 @@ include certs/sphincs/include.am
include certs/rpk/include.am
include certs/acert/include.am
include certs/mldsa/include.am

59 changes: 59 additions & 0 deletions certs/renewcerts.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@
# 1024/client-cert.pem
# server-ecc-comp.pem
# client-ca.pem
# client-ca-cert.der
# client-ca-cert.pem
# client-ecc-ca-cert.der
# client-ecc-ca-cert.pem
# test/digsigku.pem
# ecc-privOnlyCert.pem
# client-uri-cert.pem
Expand Down Expand Up @@ -896,6 +900,61 @@ run_renewcerts(){
echo "End of section"
echo "---------------------------------------------------------------------"

############################################################
########## update and sign client-ca-cert.pem ##############
############################################################
echo "Updating client-ca-cert.pem"
echo ""
cat > client-ca-ext.cnf <<'EOF'
[ client_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=critical, CA:FALSE
keyUsage=critical, digitalSignature, keyEncipherment
extendedKeyUsage=clientAuth
EOF
check_result $? "Step 1"

#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_2048\\nProgramming-2048\\nwww.wolfssl.com\\[email protected]\\n.\\n.\\n" | openssl req -new -key client-key.pem -config ./wolfssl.cnf -nodes > client-ca-cert-req.pem
check_result $? "Step 2"

openssl x509 -req -in client-ca-cert-req.pem -extfile client-ca-ext.cnf -extensions client_ca -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 0x1235 > client-ca-cert.pem
check_result $? "Step 3"
rm client-ca-cert-req.pem

openssl x509 -in client-ca-cert.pem -text > tmp.pem
check_result $? "Step 4"
mv tmp.pem client-ca-cert.pem

openssl x509 -inform PEM -in client-ca-cert.pem -outform DER -out client-ca-cert.der
check_result $? "Step 5"
rm client-ca-ext.cnf
echo "End of section"
echo "---------------------------------------------------------------------"

############################################################
####### update and sign client-ecc-ca-cert.pem #############
############################################################
echo "Updating client-ecc-ca-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nOregon\\nSalem\\nClient ECC\\nFast\\nwww.wolfssl.com\\[email protected]\\n.\\n.\\n" | openssl req -new -key ecc-client-key.pem -config ./wolfssl.cnf -nodes > client-ecc-ca-cert-req.pem
check_result $? "Step 1"

openssl x509 -req -in client-ecc-ca-cert-req.pem -extfile wolfssl.cnf -extensions client_ecc -days 1000 -CA ca-ecc-cert.pem -CAkey ca-ecc-key.pem -set_serial 0x1234 > client-ecc-ca-cert.pem
check_result $? "Step 2"
rm client-ecc-ca-cert-req.pem

openssl x509 -in client-ecc-ca-cert.pem -text > tmp.pem
check_result $? "Step 3"
mv tmp.pem client-ecc-ca-cert.pem

openssl x509 -inform PEM -in client-ecc-ca-cert.pem -outform DER -out client-ecc-ca-cert.der
check_result $? "Step 4"
echo "End of section"
echo "---------------------------------------------------------------------"

#cleanup the file system now that we're done
echo "Performing final steps, cleaning up the file system..."
echo ""
Expand Down
1 change: 1 addition & 0 deletions linuxkm/linuxkm_wc_port.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@
#endif

#include <linux/version.h>
#include <linux/inet.h>

#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 16, 0)
#error Unsupported kernel.
Expand Down
112 changes: 112 additions & 0 deletions scripts/crl-gen-openssl.test
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
#!/usr/bin/env bash

set -euo pipefail

# Verifies CRLs generated by the C API unit tests (tests/api.c).
# Uses OpenSSL to validate CRL structure, signature, and revocation behavior.
# RSA: ca-cert.pem + server-cert.pem (revoked) + client-ca-cert.pem (good).
# ECC: ca-ecc-cert.pem + server-ecc.pem (revoked) + client-ecc-ca-cert.pem (good).

OPENSSL=${OPENSSL:-openssl}

if ! command -v "$OPENSSL" >/dev/null 2>&1; then
echo "skipping crl-gen-openssl.test: openssl not found"
exit 77
fi

normalize_dn() {
sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
-e 's/^issuer=//' -e 's/^subject=//' \
-e 's/[[:space:]]*=[[:space:]]*/=/g' \
-e 's/[[:space:]]*,[[:space:]]*/,/g'
}

check_crl() {
local crl="$1"
local ca_cert="$2"
local revoked_cert="$3"
local good_cert="$4"
local label="$5"

echo "Checking $label CRL: $crl"

local issuer subject
issuer=$("$OPENSSL" crl -in "$crl" -noout -issuer | normalize_dn)
subject=$("$OPENSSL" x509 -in "$ca_cert" -noout -subject | normalize_dn)
if [ "$issuer" != "$subject" ]; then
echo "issuer mismatch for $label CRL"
echo "issuer : $issuer"
echo "subject: $subject"
return 1
fi

local last_update next_update
last_update=$("$OPENSSL" crl -in "$crl" -noout -lastupdate)
next_update=$("$OPENSSL" crl -in "$crl" -noout -nextupdate)
if [ -z "$last_update" ] || [ -z "$next_update" ]; then
echo "missing lastUpdate/nextUpdate for $label CRL"
return 1
fi

if ! "$OPENSSL" crl -in "$crl" -noout -verify -CAfile "$ca_cert" >/dev/null 2>&1; then
echo "CRL signature verification failed for $label"
return 1
fi

local revoked_count
revoked_count=$("$OPENSSL" crl -in "$crl" -text -noout | grep -c "Serial Number" || true)
if [ "$revoked_count" -ne 4 ]; then
echo "unexpected revoked count for $label CRL: $revoked_count (expected 4)"
return 1
fi

local serial crl_text
serial=$("$OPENSSL" x509 -in "$revoked_cert" -noout -serial | cut -d= -f2 | tr 'A-F' 'a-f')
crl_text=$("$OPENSSL" crl -in "$crl" -text -noout | tr 'A-F' 'a-f')
if ! echo "$crl_text" | grep -q "$serial"; then
echo "revoked serial not found in $label CRL: $serial"
return 1
fi

local verify_out verify_rc
verify_out=$("$OPENSSL" verify -CAfile "$ca_cert" -crl_check -CRLfile "$crl" \
"$revoked_cert" 2>&1) || verify_rc=$?
verify_rc=${verify_rc:-0}
if [ "$verify_rc" -eq 0 ] || ! echo "$verify_out" | grep -qi "certificate revoked"; then
echo "expected revoked verification failure for $label CRL"
echo "$verify_out"
return 1
fi

if [ -n "$good_cert" ]; then
if ! "$OPENSSL" verify -CAfile "$ca_cert" -crl_check -CRLfile "$crl" \
"$good_cert" >/dev/null 2>&1; then
echo "expected successful verification for $label CRL with $good_cert"
return 1
fi
fi
}

crl_rsa="certs/crl/crlRsaOut.pem"
crl_ecc="certs/crl/crlEccOut.pem"

if [ ! -f "$crl_rsa" ] && [ ! -f "$crl_ecc" ]; then
echo "skipping crl-gen-openssl.test: CRL outputs not found"
exit 77
fi

if [ -f "$crl_rsa" ]; then
ca_rsa="certs/ca-cert.pem"
revoked_rsa="certs/server-cert.pem"
good_rsa="certs/client-ca-cert.pem"
check_crl "$crl_rsa" "$ca_rsa" "$revoked_rsa" "$good_rsa" "RSA"
fi

if [ -f "$crl_ecc" ]; then
ca_ecc="certs/ca-ecc-cert.pem"
revoked_ecc="certs/server-ecc.pem"
good_ecc="certs/client-ecc-ca-cert.pem"
check_crl "$crl_ecc" "$ca_ecc" "$revoked_ecc" "${good_ecc:-}" "ECC"
fi

echo "crl-gen-openssl.test: OK"
2 changes: 2 additions & 0 deletions scripts/include.am
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,9 @@ if BUILD_RSA
if BUILD_CRL
# make revoked test rely on completion of resume test
dist_noinst_SCRIPTS+= scripts/crl-revoked.test
dist_noinst_SCRIPTS+= scripts/crl-gen-openssl.test
scripts/crl-revoked.log: scripts/resume.log
scripts/crl-gen-openssl.log: scripts/crl-revoked.log
endif

# arrange to serialize ocsp.test, ocsp-stapling.test, ocsp-stapling-with-ca-as-responder.test, ocsp-stapling2.test, and testsuite,
Expand Down
Loading
Loading