X-Git-Url: http://www.wagner.pp.ru/gitweb/?a=blobdiff_plain;f=tcl_tests%2Fca.try;h=7da25de2eae2691dcc10e72f944d38a65301d4d2;hb=HEAD;hp=3c7b61e317b88854868782caf5620c40501759ed;hpb=986905842330e4a54e61334eb508fe3147c43e38;p=openssl-gost%2Fengine.git diff --git a/tcl_tests/ca.try b/tcl_tests/ca.try index 3c7b61e..a1ac8ed 100644 --- a/tcl_tests/ca.try +++ b/tcl_tests/ca.try @@ -61,9 +61,9 @@ test -skip {![file exists $userdir/broken.pem]} "Registering broken request at c test "Revoking certificate" { set revoking_cert $::test::ca/newcerts/[string trim [getFile $::test::ca/serial.old]].pem append serial_list [regsub "serial=" [openssl "x509 -in $revoking_cert -noout -serial"] " Serial Number: "] - grep "Data Base" [openssl "ca -crl_reason keyCompromize -crl_compromise [clock\ - format [clock seconds] -format %Y%m%d%H%M%SZ] -revoke $revoking_cert -config $::test::ca/ca.conf"] -} 0 "Data Base Updated + string map {"Data Base" Database Updated updated} [ grep "Data" [openssl "ca -crl_reason keyCompromize -crl_compromise [clock\ + format [clock seconds] -format %Y%m%d%H%M%SZ] -revoke $revoking_cert -config $::test::ca/ca.conf"] ] +} 0 "Database updated " test -createsfiles test.crl "Generating CRL" { openssl "ca -gencrl -config $::test::ca/ca.conf -out test.crl" @@ -73,11 +73,14 @@ test -createsfiles test.crl "Generating CRL" { test -skip {![file exists test.crl]} "Displaying CRL" { - regsub -all " = " [grep "(Serial|Version|Signature Alg|Issuer)" [openssl "crl -text -noout -in test.crl"] ] "=" -} 0 " Version 2 (0x1) - Signature Algorithm: [hash_with_sign_long_name $ca_alg] - Issuer: C=RU, L=Moscow, CN=Test CA $ca_alg, O=Cryptocom, OU=OpenSSL CA, emailAddress=openssl@cryptocom.ru -$serial_list Signature Algorithm: [hash_with_sign_long_name $ca_alg] + regsub -all " +" [ + regsub -all " = " [grep "(Serial|Version|Signature Alg|Issuer)" [openssl "crl -text -noout -in test.crl"] ] "=" + ] " " +} 0 " Version 2 (0x1) + Signature Algorithm: [hash_with_sign_long_name $ca_alg] + Issuer: C=RU, L=Moscow, CN=Test CA $ca_alg, O=Cryptocom, OU=OpenSSL CA, emailAddress=openssl@cryptocom.ru +[regsub -all " +" $serial_list " "]\ + Signature Algorithm: [hash_with_sign_long_name $ca_alg] " test -skip {![file exists test.crl]} "Verifying CRL OK" { @@ -88,8 +91,7 @@ test -skip {![file exists test.crl]} "Verifying CRL OK" { test -skip {![file exists test.crl]} "Verifying corrupted CRL" { makeFile "badcrl.pem" [hackPem "\01\x1E" [getFile test.crl] "\01\0"] grep verify [openssl "crl -in badcrl.pem -noout -CAfile $::test::ca/cacert.pem"] -} 0 "verify failure -" +} -1 "verify failure" test "Verifying CA certificate" { grep "(cacert.pem|error|OK)" [openssl "verify -CAfile $::test::ca/cacert.pem $::test::ca/cacert.pem"]