mbedtls/tests/data_files/dir-maxpath/long.sh
Manuel Pégourié-Gonnard 4770dbc913 Add test for limit on intermediate certificates
Inspired by test code provided by Nicholas Wilson in PR #351.

The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than
18 (default is 8), which is hopefully unlikely and can easily be fixed by
running long.sh again with a larger value if it ever happens.

Current behaviour is suboptimal as flags are not set, but currently the goal
is only to document/test existing behaviour.
2017-07-28 12:19:49 +01:00

34 lines
846 B
Bash
Executable File

#!/bin/sh
set -eu
: ${OPENSSL:=openssl}
NB=20
OPT="-days 3653 -sha256"
# generate self-signed root
$OPENSSL ecparam -name prime256v1 -genkey -out 00.key
$OPENSSL req -new -x509 -subj "/C=UK/O=mbed TLS/CN=CA00" $OPT \
-key 00.key -out 00.crt
# cXX.pem is the chain starting at XX
cp 00.crt c00.pem
# generate long chain
for i in $(seq 1 $NB); do
UP=$( printf "%02d" $((i-1)) )
ME=$( printf "%02d" $i )
$OPENSSL ecparam -name prime256v1 -genkey -out ${ME}.key
$OPENSSL req -new -subj "/C=UK/O=mbed TLS/CN=CA${ME}" \
-key ${ME}.key -out ${ME}.csr
$OPENSSL x509 -req -CA ${UP}.crt -CAkey ${UP}.key -set_serial 1 $OPT \
-extfile int.opensslconf -extensions int \
-in ${ME}.csr -out ${ME}.crt
cat ${ME}.crt c${UP}.pem > c${ME}.pem
rm ${ME}.csr
done