- Added support for RFC4055 SHA2 and SHA4 signature algorithms for
use with PKCS#1 v1.5 signing and verification.
- Added extra certificates to test-ca and test code to further test
functionality of SHA2 and SHA4 signing and verification.
- Updated other program files accordingly
diff --git a/programs/ssl/test-ca/gen_test_ca.sh b/programs/ssl/test-ca/gen_test_ca.sh
index 2e9e7a4..f55b260 100755
--- a/programs/ssl/test-ca/gen_test_ca.sh
+++ b/programs/ssl/test-ca/gen_test_ca.sh
@@ -19,24 +19,36 @@
openssl genrsa -out server2.key 2048
openssl genrsa -out client1.key 2048
openssl genrsa -out client2.key 2048
+openssl genrsa -out cert_sha224.key 2048
+openssl genrsa -out cert_sha256.key 2048
+openssl genrsa -out cert_sha384.key 2048
+openssl genrsa -out cert_sha512.key 2048
echo "Generating requests"
-cat sslconf.txt > sslconf_use.txt
-echo "CN=PolarSSL Server 1" >> sslconf_use.txt
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Server 1" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
-cat sslconf.txt > sslconf_use.txt
-echo "CN=PolarSSL Server 2" >> sslconf_use.txt
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Server 2" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
-cat sslconf.txt > sslconf_use.txt
-echo "CN=PolarSSL Client 1" >> sslconf_use.txt
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 1" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
-cat sslconf.txt > sslconf_use.txt
-echo "CN=PolarSSL Client 2" >> sslconf_use.txt
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 2" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA224" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_sha224.key -out cert_sha224.req -sha224
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA256" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_sha256.key -out cert_sha256.req -sha256
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA384" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_sha384.key -out cert_sha384.req -sha384
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA512" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_sha512.key -out cert_sha512.req -sha512
+
echo "Signing requests"
for i in server1 server2 client1 client2;
do
@@ -44,6 +56,12 @@
-batch -in $i.req
done
+for i in 224 256 384 512;
+do
+ openssl ca -config sslconf.txt -out cert_sha$i.crt -passin pass:$PASSWORD \
+ -batch -in cert_sha$i.req -md sha$i
+done
+
echo "Revoking firsts"
openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD