Merge pull request #1844 from kaleb-himes/CERT_UPDATE_FIX

Cert update fix
2018-09-20 18:06:16 -07:00 · 2018-09-20 18:06:16 -07:00 · a5fffdbbb7
parent dfb9db2b8d dc942bf9cb
commit a5fffdbbb7
2 changed files with 17 additions and 21 deletions
--- a/certs/crl/gencrls.sh
+++ b/certs/crl/gencrls.sh
@ -115,21 +115,15 @@ mv tmp caEccCrl.pem
 #cp caEccCrl.pem ~/wolfssl/certs/crl/caEccCrl.pem

 # caEcc384Crl
-echo "Step 13"
-openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
-RESULT=$?
-if [ $RESULT -ne 0 ]; then
-    echo "Already revoked CRL number 02, skipping"
-else
-    echo "Revoked CRL 02"
-fi
+# server-revoked-cert.pem is already revoked in Step 10
+#openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem

-echo "Step 14"
+echo "Step 13"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
 check_result $?

 # metadata
-echo "Step 15"
+echo "Step 14"
 openssl crl -in caEcc384Crl.pem -text > tmp
 check_result $?
 mv tmp caEcc384Crl.pem
@ -137,12 +131,12 @@ mv tmp caEcc384Crl.pem
 #cp caEcc384Crl.pem ~/wolfssl/certs/crl/caEcc384Crl.pem

 # cliCrl
-echo "Step 16"
+echo "Step 15"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
 check_result $?

 # metadata
-echo "Step 17"
+echo "Step 16"
 openssl crl -in cliCrl.pem -text > tmp
 check_result $?
 mv tmp cliCrl.pem
@ -150,12 +144,12 @@ mv tmp cliCrl.pem
 #cp cliCrl.pem ~/wolfssl/certs/crl/cliCrl.pem

 # eccCliCRL
-echo "Step 18"
+echo "Step 17"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
 check_result $?

 # metadata
-echo "Step 19"
+echo "Step 18"
 openssl crl -in eccCliCRL.pem -text > tmp
 check_result $?
 mv tmp eccCliCRL.pem
@ -163,12 +157,12 @@ mv tmp eccCliCRL.pem
 #cp eccCliCRL.pem ~/wolfssl/certs/crl/eccCliCRL.pem

 # eccSrvCRL
-echo "Step 20"
+echo "Step 19"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
 check_result $?

 # metadata
-echo "Step 21"
+echo "Step 20"
 openssl crl -in eccSrvCRL.pem -text > tmp
 check_result $?
 mv tmp eccSrvCRL.pem
@ -176,12 +170,12 @@ mv tmp eccSrvCRL.pem
 #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem

 # caEccCrl
-echo "Step 22"
+echo "Step 21"
 openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
 check_result $?

 # ca-ecc384-cert
-echo "Step 23"
+echo "Step 22"
 openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
 check_result $?

--- a/certs/test/gen-testcerts.sh
+++ b/certs/test/gen-testcerts.sh
@ -78,7 +78,7 @@ generate_test_cert() {
    check_result $?

    echo "step 3 check csr"
-    openssl req -text -noout -in "$1".csr
+    openssl req -text -noout -in "$1".csr -config "$1".conf
    check_result $?

    echo "step 4 create cert"
@ -99,6 +99,7 @@ generate_test_cert() {
        echo "step 5 generate crl"
        mkdir ../crl/demoCA
        touch ../crl/demoCA/index.txt
+        touch ../crl/demoCA/index.txt.attr
        echo "01" > ../crl/crlnumber
        openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 \
                   -out crl.revoked -keyfile ../server-key.pem -cert "$1".pem
@ -108,7 +109,7 @@ generate_test_cert() {
        check_result $?
        mv tmp.pem ../crl/"$1"Crl.pem
        rm crl.revoked
-        rm -rf ../crl/demoCA
+        rm -rf ../crl/demoCA #cleans up index.txt and index.txt.attr
        rm ../crl/crlnumber*
    fi

@ -128,6 +129,7 @@ generate_expired_certs() {

    mkdir -p certs
    touch ./index.txt
+    touch ./index.txt.attr
    echo 1000 > ./serial

    echo "step 1 create configuration"
@ -139,7 +141,7 @@ generate_expired_certs() {
    check_result $?

    echo "step 3 check csr"
-    openssl req -text -noout -in "$1".csr
+    openssl req -text -noout -in "$1".csr -config "$1".conf
    check_result $?

    echo "step 4 create cert"