[Swan-dev] generating x509 certificates
Matt Rogers
mrogers at redhat.com
Wed Feb 4 00:27:22 EET 2015
On 02/03, Andrew Cagney wrote:
> Hi,
>
> I've hit a few problems when trying to run the tests that require
> certificates. The main one is that the script dist_certs fails as
> openssl (Fedora release 20 (Heisenbug) at least) doesn't like
> generating the bad certificate:
>
> The organizationName field needed to be the same in the
> CA certificate (Libreswan) and the request (Traitors Inc)
>
> Look for the command:
>
> openssl ca -batch -in reqs/wrongdnorg.req -startdate ...
>
> Perhaps I'm instead meant to run dist_certs.py? This, however, lends
> itself to the other problem: dist_certs (not dist_certs.py) is run by
> testing/libvirt/install.sh. The script (which ever it is) should be
> run as part of pluto's make check.
>
> Andrew
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
Hey, sorry for the late reply here. Been away from email/irc for the
day. In short the dist_certs.py is the WIP replacement for the
shell script, however right now it is only tuned to x509 tests that
are not a part of the make check list. IIRC ones that are still in the
list are just basic cases and use the east/west certs. So for the full
run you will want to still use dist_certs.
I have a _lot_ of changes to the certificate code on the way and part
of that will be revised set of x509 tests that can be included in make
check, so when we're ready I'll be sure to update it with dist_certs.py
Regards,
Matt
More information about the Swan-dev
mailing list