[Swan-dev] Generate test certificates iff missing

Matt Rogers mrogers at redhat.com
Thu Oct 22 15:02:57 UTC 2015


----- Original Message -----
> From: "Andrew Cagney" <andrew.cagney at gmail.com>
> To: "Libreswan Development List" <swan-dev at lists.libreswan.org>
> Sent: Thursday, October 22, 2015 10:32:12 AM
> Subject: [Swan-dev] Generate test certificates iff missing
> 
> I'd like to change testing/pluto/Makefile so that "make check" will
> generate the certificates iff they are missing (or to be precise, if
> the certificate testing/x509/keys/mainca.key is missing).
> 
> - to generate the certificates it will use EAST (although as Matt
> pointed out it should probably technically use NIC)
> 
East is fine, since the certs go in the shared directory anyways.

> - it will only generate the certificates if they are missing; i.e.,
> second and further "make check" won't generate new certificates
> 
> - or to put it the other way, it won't re-generate the certificates if
> they are out-of-date (dist_certs.py newer than mainca.key)
> 
> - this does assume that you VM is less than 3 months old
> 

One note is that the CRLs (except for needupdate.crl) are valid for 15 
days, so at that point dist_certs should be re-run.

Matt


More information about the Swan-dev mailing list