Merge pull request #115 from hfmanson/master

ca signed certs, fixed web templates

Author: vanrein

testdata/Makefile

@@ -41,7 +41,7 @@ PGPRSABITS ?= 2048
 # The directory with tools, defaulting to ../tool in the git base
 # Note that testdata is meant for developers, so assuming git is usually the best
 #
-TOOLDIR ?= $(shell pwd)/../tool
+TOOLDIR ?= $(shell pwd)/../build/tool
 
 #
 # Load a few things from tlspool.conf; these are assumed present while testing
@@ -252,15 +252,15 @@ tlspool-test-server-pubkey.pgp:
 	$(CERTTOOL) --pgp-certificate-info --infile $@ --inraw --outfile $(@:.pgp=.asc)
 
 # Key 3: X.509 Client Certificate
-tlspool-test-client-cert.der: tlspool-test-client-cert.template
+tlspool-test-client-cert.der: tlspool-test-client-cert.template tlspool-test-ca-cert.der
 	echo Using PRIVKEY3, '$(PRIVKEY3)'
-	$(CERTTOOL) --outfile $@ --outder --generate-self-signed --load-privkey='$(PRIVKEY3)' --template=$<
+	$(CERTTOOL) --outfile $@ --outder --generate-certificate --load-ca-certificate=tlspool-test-ca-cert.pem --load-ca-privkey='$(PRIVKEY5)' --load-privkey='$(PRIVKEY3)' --template=$<
 	$(CERTTOOL) --certificate-info --infile $@ --inder --outfile $(@:.der=.pem)
 
 # Key 4: X.509 Server Certificate with user@ domain name
-tlspool-test-server-cert.der: tlspool-test-server-cert.template
+tlspool-test-server-cert.der: tlspool-test-server-cert.template tlspool-test-ca-cert.der
 	echo Using PRIVKEY4, '$(PRIVKEY4)'
-	$(CERTTOOL) --outfile $@ --outder --generate-self-signed --load-privkey='$(PRIVKEY4)' --template=$<
+	$(CERTTOOL) --outfile $@ --outder --generate-certificate --load-ca-certificate=tlspool-test-ca-cert.pem --load-ca-privkey='$(PRIVKEY5)' --load-privkey='$(PRIVKEY4)' --template=$<
 	$(CERTTOOL) --certificate-info --infile $@ --inder --outfile $(@:.der=.pem)
 
 # Key 5: Test CA (for chained certificates)
@@ -281,14 +281,14 @@ tlspool-test-flying-signer.der: tlspool-test-flying-signer.template
 	$(CERTTOOL) --certificate-info --infile $@ --inder --outfile $(@:.der=.pem)
 
 # Key 7: X.509 Server Certificate with just a host name
-tlspool-test-webhost-cert.der: tlspool-test-webhost-cert.template
+tlspool-test-webhost-cert.der: tlspool-test-webhost-cert.template tlspool-test-ca-cert.der
 	echo Using PRIVKEY7, '$(PRIVKEY7)'
-	$(CERTTOOL) --outfile $@ --outder --generate-self-signed --load-privkey='$(PRIVKEY7)' --template=$<
+	$(CERTTOOL) --outfile $@ --outder --generate-certificate --load-ca-certificate=tlspool-test-ca-cert.pem --load-ca-privkey='$(PRIVKEY5)' --load-privkey='$(PRIVKEY7)' --template=$<
 
 # Key 8: X.509 Server Certificate with just a host name
-tlspool-test-playground-cert.der: tlspool-test-playground-cert.template
+tlspool-test-playground-cert.der: tlspool-test-playground-cert.template tlspool-test-ca-cert.der
 	echo Using PRIVKEY8, '$(PRIVKEY8)'
-	$(CERTTOOL) --outfile $@ --outder --generate-self-signed --load-privkey='$(PRIVKEY8)' --template=$<
+	$(CERTTOOL) --outfile $@ --outder --generate-certificate --load-ca-certificate=tlspool-test-ca-cert.pem --load-ca-privkey='$(PRIVKEY5)' --load-privkey='$(PRIVKEY8)' --template=$<
 
 
 # Turn a .der into a .keyid

testdata/tlspool-test-ca-cert.template

@@ -135,7 +135,7 @@ crl_signing_key
 #code_signing_key
 
 # Whether this key will be used to sign OCSP data.
-ocsp_signing_key
+#ocsp_signing_key
 
 # Whether this key will be used for time stamping.
 #time_stamping_key

testdata/tlspool-test-playground-cert.template

@@ -18,7 +18,7 @@ state = "Freedom"
 # country = GR
 
 # The common name of the certificate owner.
-cn = "TLS Pool Test X.509 Server"
+cn = "TLS Pool Test X.509 Playground Server"
 
 # A user id of the certificate owner.
 #uid = "clauper"
@@ -118,15 +118,6 @@ encryption_key
 # Whether this certificate will be used for a TLS server
 tls_www_server
 
-# Whether this certificate will be used to sign data (needed
-# in TLS DHE ciphersuites).
-signing_key
-
-# Whether this certificate will be used to encrypt data (needed
-# in TLS RSA ciphersuites). Note that it is preferred to use different
-# keys for encryption and signing.
-encryption_key
-
 # Whether this key will be used to sign other certificates.
 # cert_signing_key
 
@@ -137,7 +128,7 @@ crl_signing_key
 #code_signing_key
 
 # Whether this key will be used to sign OCSP data.
-ocsp_signing_key
+#ocsp_signing_key
 
 # Whether this key will be used for time stamping.
 #time_stamping_key

testdata/tlspool-test-webhost-cert.template

@@ -18,7 +18,7 @@ state = "Freedom"
 # country = GR
 
 # The common name of the certificate owner.
-cn = "TLS Pool Test X.509 Server"
+cn = "TLS Pool Test X.509 Webhost Server"
 
 # A user id of the certificate owner.
 #uid = "clauper"
@@ -118,15 +118,6 @@ encryption_key
 # Whether this certificate will be used for a TLS server
 tls_www_server
 
-# Whether this certificate will be used to sign data (needed
-# in TLS DHE ciphersuites).
-signing_key
-
-# Whether this certificate will be used to encrypt data (needed
-# in TLS RSA ciphersuites). Note that it is preferred to use different
-# keys for encryption and signing.
-encryption_key
-
 # Whether this key will be used to sign other certificates.
 # cert_signing_key
 
@@ -137,7 +128,7 @@ crl_signing_key
 #code_signing_key
 
 # Whether this key will be used to sign OCSP data.
-ocsp_signing_key
+#ocsp_signing_key
 
 # Whether this key will be used for time stamping.
 #time_stamping_key