From 2da6d13e47a558a317f69b1ebba7221e68f0854b Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Feb 23 2017 17:02:39 +0000 Subject: Make checks for "MAC verified OK" message optional When verifying PKCS#12 bundles, don't expect a "MAC verified OK" message with the MAC is verified, since newer versions of OpenSSL's pkcs12 command don't print the message. They still print an error if verification fails, so strip the verification message from the expected results to accept the output from older versions. Signed-off-by: Nalin Dahyabhai --- diff --git a/tests/003-csrgen-dsa/run.sh b/tests/003-csrgen-dsa/run.sh index c2875ab..2d4a5e1 100755 --- a/tests/003-csrgen-dsa/run.sh +++ b/tests/003-csrgen-dsa/run.sh @@ -12,7 +12,7 @@ run_certutil -d "$tmpdir" -S -g $size -n keyi$size \ -x -t u -k dsa # Export the key. pk12util -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" > /dev/null 2>&1 -openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts > /dev/null 2>&1 +openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts > /dev/null 2>&1 | grep -v '^MAC verified OK$' || : # Read the public key and cache it. cat > entry.openssl.$size <<- EOF key_storage_type=FILE diff --git a/tests/003-csrgen-ec/run.sh b/tests/003-csrgen-ec/run.sh index 0620c8f..91117ec 100755 --- a/tests/003-csrgen-ec/run.sh +++ b/tests/003-csrgen-ec/run.sh @@ -13,7 +13,7 @@ run_certutil -d "$tmpdir" -S -n keyi$size \ -x -t u -k ec -q $size # Export the key. pk12util -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" > /dev/null 2>&1 -openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts > /dev/null 2>&1 +openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts > /dev/null 2>&1 | ( grep -v '^MAC verified OK$' || : ) # Read the public key and cache it. cat > entry.openssl.$size <<- EOF key_storage_type=FILE diff --git a/tests/003-csrgen-rsa/expected.out b/tests/003-csrgen-rsa/expected.out index e058e85..c9dec72 100644 --- a/tests/003-csrgen-rsa/expected.out +++ b/tests/003-csrgen-rsa/expected.out @@ -1,21 +1,16 @@ pk12util: PKCS12 EXPORT SUCCESSFUL -MAC verified OK 1024 OK. Signature OK pk12util: PKCS12 EXPORT SUCCESSFUL -MAC verified OK 1536 OK. Signature OK pk12util: PKCS12 EXPORT SUCCESSFUL -MAC verified OK 2048 OK. Signature OK pk12util: PKCS12 EXPORT SUCCESSFUL -MAC verified OK 3072 OK. Signature OK pk12util: PKCS12 EXPORT SUCCESSFUL -MAC verified OK 4096 OK. Signature OK The last CSR (the one with everything) was: diff --git a/tests/003-csrgen-rsa/run.sh b/tests/003-csrgen-rsa/run.sh index 7f1e7b4..4cd8408 100755 --- a/tests/003-csrgen-rsa/run.sh +++ b/tests/003-csrgen-rsa/run.sh @@ -12,7 +12,7 @@ for size in 1024 1536 2048 3072 4096 ; do -x -t u -k rsa # Export the key. pk12util -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" - openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts 2>&1 + openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts 2>&1 | ( grep -v '^MAC verified OK$' || : ) # Read the public key and cache it. cat > entry.openssl.$size <<- EOF key_storage_type=FILE diff --git a/tests/003-csrgen/expected.out b/tests/003-csrgen/expected.out index 5108316..8e6cac6 100644 --- a/tests/003-csrgen/expected.out +++ b/tests/003-csrgen/expected.out @@ -1,25 +1,20 @@ pk12util: PKCS12 EXPORT SUCCESSFUL -MAC verified OK Signature OK minicert.openssl.1024.pem: OK 1024 OK. pk12util: PKCS12 EXPORT SUCCESSFUL -MAC verified OK Signature OK minicert.openssl.1536.pem: OK 1536 OK. pk12util: PKCS12 EXPORT SUCCESSFUL -MAC verified OK Signature OK minicert.openssl.2048.pem: OK 2048 OK. pk12util: PKCS12 EXPORT SUCCESSFUL -MAC verified OK Signature OK minicert.openssl.3072.pem: OK 3072 OK. pk12util: PKCS12 EXPORT SUCCESSFUL -MAC verified OK Signature OK minicert.openssl.4096.pem: OK 4096 OK. diff --git a/tests/003-csrgen/run.sh b/tests/003-csrgen/run.sh index 67b1206..7c169ed 100755 --- a/tests/003-csrgen/run.sh +++ b/tests/003-csrgen/run.sh @@ -12,7 +12,7 @@ for size in 1024 1536 2048 3072 4096 ; do -x -t u # Export the key. pk12util -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" - openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts 2>&1 + openssl pkcs12 -in $size.p12 -out key.$size -passin pass: -nodes -nocerts 2>&1 | ( grep -v "^MAC verified OK$" || : ) # Read the public key and cache it. cat > entry.openssl.$size <<- EOF key_storage_type=FILE