#226 Update csrgen test to understand OpenSSL 3.0.0 output
Merged 2 years ago by rcritten. Opened 2 years ago by rcritten.
rcritten/certmonger issue_223  into  master

file modified
+2 -2
@@ -42,8 +42,8 @@ 

  openssl x509 -out minicert.nss.$size.pem -in minicert.nss.$size -inform der

  # The RSA tests already verify the contents of the requests, so we really only

  # need to care about the signatures passing verification.

- openssl req   -verify -noout < csr.nss.$size 2>&1

- openssl req   -verify -noout < csr.openssl.$size 2>&1

+ openssl req   -verify -noout < csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //'

+ openssl req   -verify -noout < csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //'

  openssl spkac -verify -noout < spkac.nss.$size 2>&1

  openssl spkac -verify -noout < spkac.openssl.$size 2>&1

  openssl verify -CAfile minicert.openssl.$size.pem minicert.openssl.$size.pem 2>&1
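Review bot: The two `sed` filters added to the `openssl req -verify` lines carry no comment explaining them, and the pattern is unanchored, so it would strip the phrase wherever it appears in a line. I would add `# OpenSSL 3.x prints "Certificate request self-signature verify OK"; strip the prefix so the output matches 1.x.` above them and anchor the expression as `sed 's/^Certificate request self-signature //'`. Each pipeline also now reports sed's exit status instead of openssl's, so if anything outside this hunk checks `$?` rather than the captured text, a failed signature verification would go unnoticed.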

file modified
+2 -2
@@ -118,14 +118,14 @@ 

  	echo key_pubkey=616263 >> entry.openssl.$size

  	$toolsdir/csrgen entry.nss.$size > csr.nss.$size

  	# Both should verify.

- 	if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout 2>&1`" != "verify OK" ; then

+ 	if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout 2>&1 | grep -c "verify OK"`" != "1" ; then

  		echo Signature failed for OpenSSL:

  		cat csr.openssl.$size

  		echo Private key:

  		awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size

  		exit 1

  	fi

- 	if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout 2>&1`" != "verify OK" ; then

+ 	if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout 2>&1 | grep -c "verify OK"`" != "1" ; then

  		echo Signature failed for NSS:

  		cat csr.nss.$size

  		echo Private key:
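Review bot: The new `grep -c "verify OK"` in both `if test` lines is a substring match, which is looser than the exact string comparison it replaces. Any line that merely contains the phrase is counted, and everything else openssl writes to stderr is discarded. Matching the whole line keeps the signature check strict for both output formats, for example `| grep -cxE '(Certificate request self-signature )?verify OK'`. The single quotes also avoid nesting double quotes inside backquotes inside double quotes, which may not be handled the same way by every shell. The same applies to the identical hunk at `@@ -170,14` in the next file section, and the second `if` block here continues past the end of the hunk.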

file modified
+2 -2
@@ -170,14 +170,14 @@ 

  	echo key_pubkey=616263 >> entry.openssl.$size

  	$toolsdir/csrgen entry.nss.$size > csr.nss.$size

  	# Both should verify.

- 	if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout 2>&1`" != "verify OK" ; then

+ 	if test "`openssl req -verify -key key.$size -in csr.openssl.$size -noout 2>&1 | grep -c "verify OK"`" != "1" ; then

  		echo Signature failed for OpenSSL:

  		cat csr.openssl.$size

  		echo Private key:

  		awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/{print}{;}' $tmpdir/key.$size

  		exit 1

  	fi

- 	if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout 2>&1`" != "verify OK" ; then

+ 	if test "`openssl req -verify -key key.$size -in csr.nss.$size -noout 2>&1 | grep -c "verify OK"`" != "1" ; then

  		echo Signature failed for NSS:

  		cat csr.nss.$size

  		echo Private key:

OpenSSL 3.0.0 changed a lot of output messages. When verifying
a certificate instead of printing just "verify OK" it prints
"Certificate request self-signature verify OK"

Modify the check to match both OpenSSL 1.x and 3.x

Related: https://pagure.io/certmonger/issue/223

Signed-off-by: Rob Crittenden rcritten@redhat.com

I missed 003-csrgen-ec. I'll update the patch.

rebased onto 46cd5a7

2 years ago

Pull-Request has been merged by rcritten

2 years ago