Regenerate test certificates. Might be expired.

anhu · anhu · commit 8ad776e2f41e · 2023-08-10T15:25:14.000-04:00
diff --git a/openssl_patches/1.1.1b/tests/mksmime_certs.txt_111b.patch b/openssl_patches/1.1.1b/tests/mksmime_certs.txt_111b.patch
@@ -0,0 +1,108 @@
+diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh
+index c98e164b..8fad96c2
+--- a/test/smime-certs/mksmime-certs.sh
++++ b/test/smime-certs/mksmime-certs.sh
+@@ -9,76 +9,75 @@
+ 
+ # Utility to recreate S/MIME certificates
+ 
+-OPENSSL=../../apps/openssl
+ OPENSSL_CONF=./ca.cnf
+ export OPENSSL_CONF
+ 
+ # Root CA: create certificate directly
+-CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -nodes \
++CN="Test S/MIME RSA Root" openssl req -config ca.cnf -x509 -nodes \
+ 	-keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650
+ 
+ # EE RSA certificates: create request first
+-CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -nodes \
++CN="Test S/MIME EE RSA #1" openssl req -config ca.cnf -nodes \
+ 	-keyout smrsa1.pem -out req.pem -newkey rsa:2048
+ # Sign request: end entity extensions
+-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
++openssl x509 -req -in req.pem -CA smroot.pem -days 3600 \
+ 	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem
+ 
+-CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -nodes \
++CN="Test S/MIME EE RSA #2" openssl req -config ca.cnf -nodes \
+ 	-keyout smrsa2.pem -out req.pem -newkey rsa:2048
+-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
++openssl x509 -req -in req.pem -CA smroot.pem -days 3600 \
+ 	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem
+ 
+-CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -nodes \
++CN="Test S/MIME EE RSA #3" openssl req -config ca.cnf -nodes \
+ 	-keyout smrsa3.pem -out req.pem -newkey rsa:2048
+-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
++openssl x509 -req -in req.pem -CA smroot.pem -days 3600 \
+ 	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem
+ 
+ # Create DSA parameters
+ 
+-$OPENSSL dsaparam -out dsap.pem 2048
++openssl dsaparam -out dsap.pem 2048
+ 
+-CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -nodes \
++CN="Test S/MIME EE DSA #1" openssl req -config ca.cnf -nodes \
+ 	-keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem
+-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
++openssl x509 -req -in req.pem -CA smroot.pem -days 3600 \
+ 	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem
+-CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -nodes \
++CN="Test S/MIME EE DSA #2" openssl req -config ca.cnf -nodes \
+ 	-keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem
+-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
++openssl x509 -req -in req.pem -CA smroot.pem -days 3600 \
+ 	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem
+-CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -nodes \
++CN="Test S/MIME EE DSA #3" openssl req -config ca.cnf -nodes \
+ 	-keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem
+-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
++openssl x509 -req -in req.pem -CA smroot.pem -days 3600 \
+ 	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem
+ 
+ # Create EC parameters
+ 
+-$OPENSSL ecparam -out ecp.pem -name P-256
+-$OPENSSL ecparam -out ecp2.pem -name K-283
++openssl ecparam -out ecp.pem -name P-256
++openssl ecparam -out ecp2.pem -name K-283
+ 
+-CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -nodes \
++CN="Test S/MIME EE EC #1" openssl req -config ca.cnf -nodes \
+ 	-keyout smec1.pem -out req.pem -newkey ec:ecp.pem
+-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
++openssl x509 -req -in req.pem -CA smroot.pem -days 3600 \
+ 	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem
+-CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -nodes \
++CN="Test S/MIME EE EC #2" openssl req -config ca.cnf -nodes \
+ 	-keyout smec2.pem -out req.pem -newkey ec:ecp2.pem
+-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
++openssl x509 -req -in req.pem -CA smroot.pem -days 3600 \
+ 	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem
+-CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -nodes \
++CN="Test S/MIME EE EC #3" openssl req -config ca.cnf -nodes \
+ 	-keyout smec3.pem -out req.pem -newkey ec:ecp.pem
+-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
++openssl x509 -req -in req.pem -CA smroot.pem -days 3600 \
+ 	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
+ # Create X9.42 DH parameters.
+-$OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_type:2 \
++openssl genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_type:2 \
+ 	-out dhp.pem
+ # Generate X9.42 DH key.
+-$OPENSSL genpkey -paramfile dhp.pem -out smdh.pem
+-$OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem
++openssl genpkey -paramfile dhp.pem -out smdh.pem
++openssl pkey -pubout -in smdh.pem -out dhpub.pem
+ # Generate dummy request.
+-CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -nodes \
++CN="Test S/MIME EE DH #1" openssl req -config ca.cnf -nodes \
+ 	-keyout smtmp.pem -out req.pem -newkey rsa:2048
+ # Sign request but force public key to DH
+-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
++openssl x509 -req -in req.pem -CA smroot.pem -days 3600 \
+ 	-force_pubkey dhpub.pem \
+ 	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem
+ # Remove temp files.
diff --git a/scripts/openssl-unit-tests.sh b/scripts/openssl-unit-tests.sh
@@ -261,6 +261,17 @@ setup_openssl_111b() {
 
         patch_openssl
 
+        #update the certificates so they are not expired.
+        cd test
+        cd certs
+        ./setup.sh
+        cd ..
+        cd smime-certs
+        chmod a+x mksmime-certs.sh
+        ./mksmime-certs.sh
+        cd ..
+        cd ..
+
         if [ -z "${OPENSSL_NO_CONFIG}" ]; then
             printf "\tConfiguring.\n"
             # Configure for debug.
