From ea06a3e8cbcb1a1186c6ec2287dc5b0ec5d83035 Mon Sep 17 00:00:00 2001
From: kaleb-himes
Date: Thu, 20 Sep 2018 16:50:02 -0600
Subject: [PATCH 1/2] Resolve some persistent error report when conf not passed to req
---
 certs/test/gen-testcerts.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh
index ccf270ead..37928f2a0 100755
--- a/certs/test/gen-testcerts.sh
+++ b/certs/test/gen-testcerts.sh
@@ -78,7 +78,7 @@ generate_test_cert() {
 check_result $?
 echo "step 3 check csr"
- openssl req -text -noout -in "$1".csr
+ openssl req -text -noout -in "$1".csr -config "$1".conf
 check_result $?
 echo "step 4 create cert"
@@ -99,6 +99,7 @@ generate_test_cert() {
 echo "step 5 generate crl"
 mkdir ../crl/demoCA
 touch ../crl/demoCA/index.txt
+ touch ../crl/demoCA/index.txt.attr
 echo "01" > ../crl/crlnumber
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 \
 -out crl.revoked -keyfile ../server-key.pem -cert "$1".pem
@@ -108,7 +109,7 @@ generate_test_cert() {
 check_result $?
 mv tmp.pem ../crl/"$1"Crl.pem
 rm crl.revoked
- rm -rf ../crl/demoCA
+ rm -rf ../crl/demoCA #cleans up index.txt and index.txt.attr
 rm ../crl/crlnumber*
 fi
@@ -128,6 +129,7 @@ generate_expired_certs() {
 mkdir -p certs
 touch ./index.txt
+ touch ./index.txt.attr
 echo 1000 > ./serial
 echo "step 1 create configuration"
@@ -139,7 +141,7 @@ generate_expired_certs() {
 check_result $?
 echo "step 3 check csr"
- openssl req -text -noout -in "$1".csr
+ openssl req -text -noout -in "$1".csr -config "$1".conf
 check_result $?
 echo "step 4 create cert"
From dc942bf9cb418d8ebd695e1d21b8708c0848a28e Mon Sep 17 00:00:00 2001
From: kaleb-himes
Date: Thu, 20 Sep 2018 16:54:35 -0600
Subject: [PATCH 2/2] Remove unnecessary duplicate revocation
---
 certs/crl/gencrls.sh | 30 ++++++++++++------------------
 1 file changed, 12 insertions(+), 18 deletions(-)
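Review bot: Step 3 is announced as "check csr", but `openssl req -text -noout` only prints the request and never checks its self-signature. Adding `-verify` would make it an actual check: `openssl req -verify -text -noout -in "$1".csr -config "$1".conf`; whether a failed verification also changes the exit status seen by `check_result` depends on the OpenSSL version, so confirm that before relying on it. The identical step 3 line in the generate_expired_certs hunk would take the same change. Both function bodies extend outside their hunks.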
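Review bot: `touch` leaves an existing file's contents alone, so if an earlier run stopped before the `rm -rf ../crl/demoCA` shown in the next hunk, the leftover `index.txt` would feed its old entries into the new CRL and the bare `mkdir` would only print an error. Starting step 5 from a known-empty state avoids that, for example `rm -rf ../crl/demoCA && mkdir ../crl/demoCA` ahead of the two `touch` lines. Whether `check_result` aborts the script on failure is not visible here, so how often a leftover directory occurs is an assumption. generate_test_cert continues outside the hunk.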
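Review bot: Nothing in the visible lines of generate_expired_certs removes the new `./index.txt.attr`, whereas in generate_test_cert the `rm -rf ../crl/demoCA` of the previous hunk takes its copy away with the directory. If the function's teardown, which lies outside this hunk, deletes `./index.txt` and `./serial` by name, it should gain `rm ./index.txt.attr` so a run does not leave CA database state in the tree for a later run to pick up.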
diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh
index db90771d1..6a0f15c33 100755
--- a/certs/crl/gencrls.sh
+++ b/certs/crl/gencrls.sh
@@ -115,21 +115,15 @@ mv tmp caEccCrl.pem
 #cp caEccCrl.pem ~/wolfssl/certs/crl/caEccCrl.pem
 # caEcc384Crl
-echo "Step 13"
-openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
-RESULT=$?
-if [ $RESULT -ne 0 ]; then
- echo "Already revoked CRL number 02, skipping"
-else
- echo "Revoked CRL 02"
-fi
+# server-revoked-cert.pem is already revoked in Step 10
+#openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
-echo "Step 14"
+echo "Step 13"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
 check_result $?
 # metadata
-echo "Step 15"
+echo "Step 14"
 openssl crl -in caEcc384Crl.pem -text > tmp
 check_result $?
 mv tmp caEcc384Crl.pem
@@ -137,12 +131,12 @@ mv tmp caEcc384Crl.pem
 #cp caEcc384Crl.pem ~/wolfssl/certs/crl/caEcc384Crl.pem
 # cliCrl
-echo "Step 16"
+echo "Step 15"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
 check_result $?
 # metadata
-echo "Step 17"
+echo "Step 16"
 openssl crl -in cliCrl.pem -text > tmp
 check_result $?
 mv tmp cliCrl.pem
@@ -150,12 +144,12 @@ mv tmp cliCrl.pem
 #cp cliCrl.pem ~/wolfssl/certs/crl/cliCrl.pem
 # eccCliCRL
-echo "Step 18"
+echo "Step 17"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
 check_result $?
 # metadata
-echo "Step 19"
+echo "Step 18"
 openssl crl -in eccCliCRL.pem -text > tmp
 check_result $?
 mv tmp eccCliCRL.pem
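Review bot: The commented-out `#openssl ca ... -revoke ...` line in the first hunk is dead code, and the comment above it leans on a step number in a script whose steps this same commit renumbers by hand. I would delete the command and state the dependency instead, e.g. `# no -revoke here: Step 10 already marked server-revoked-cert.pem revoked in the database of ../renewcerts/wolfssl.cnf`, assuming Step 10, which is outside the diff, uses that config. The last hunk's Step 22 also writes `-out caEcc384Crl.pem`, this time with `../ecc/wolfssl.cnf`, so the CRL generated here in Step 13 appears to be overwritten; it is worth confirming which database the final CRL is meant to reflect.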
@@ -163,12 +157,12 @@ mv tmp eccCliCRL.pem
 #cp eccCliCRL.pem ~/wolfssl/certs/crl/eccCliCRL.pem
 # eccSrvCRL
-echo "Step 20"
+echo "Step 19"
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
 check_result $?
 # metadata
-echo "Step 21"
+echo "Step 20"
 openssl crl -in eccSrvCRL.pem -text > tmp
 check_result $?
 mv tmp eccSrvCRL.pem
@@ -176,12 +170,12 @@ mv tmp eccSrvCRL.pem
 #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
 # caEccCrl
-echo "Step 22"
+echo "Step 21"
 openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
 check_result $?
 # ca-ecc384-cert
-echo "Step 23"
+echo "Step 22"
 openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
 check_result $?