- Added support for RFC4055 SHA2 and SHA4 signature algorithms for

use with PKCS#1 v1.5 signing and verification. - Added extra certificates to test-ca and test code to further test functionality of SHA2 and SHA4 signing and verification. - Updated other program files accordingly
2026-03-25 03:48:43 +00:00 · 2009-02-09 22:32:35 +00:00
parent b29e23c586
commit 4593aeadaf
42 changed files with 1627 additions and 663 deletions
--- a/programs/ssl/test-ca/gen_test_ca.sh
+++ b/programs/ssl/test-ca/gen_test_ca.sh
@@ -19,24 +19,36 @@ openssl genrsa -out server1.key 2048
 openssl genrsa -out server2.key 2048
 openssl genrsa -out client1.key 2048
 openssl genrsa -out client2.key 2048
+openssl genrsa -out cert_sha224.key 2048
+openssl genrsa -out cert_sha256.key 2048
+openssl genrsa -out cert_sha384.key 2048
+openssl genrsa -out cert_sha512.key 2048

 echo "Generating requests"
-cat sslconf.txt > sslconf_use.txt 
-echo "CN=PolarSSL Server 1" >> sslconf_use.txt
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Server 1" >> sslconf_use.txt
 openssl req -config sslconf_use.txt -new -key server1.key -out server1.req

-cat sslconf.txt > sslconf_use.txt 
-echo "CN=PolarSSL Server 2" >> sslconf_use.txt
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Server 2" >> sslconf_use.txt
 openssl req -config sslconf_use.txt -new -key server2.key -out server2.req

-cat sslconf.txt > sslconf_use.txt 
-echo "CN=PolarSSL Client 1" >> sslconf_use.txt
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 1" >> sslconf_use.txt
 openssl req -config sslconf_use.txt -new -key client1.key -out client1.req

-cat sslconf.txt > sslconf_use.txt 
-echo "CN=PolarSSL Client 2" >> sslconf_use.txt
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 2" >> sslconf_use.txt
 openssl req -config sslconf_use.txt -new -key client2.key -out client2.req

+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA224" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_sha224.key -out cert_sha224.req -sha224
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA256" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_sha256.key -out cert_sha256.req -sha256
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA384" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_sha384.key -out cert_sha384.req -sha384
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA512" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_sha512.key -out cert_sha512.req -sha512
+
 echo "Signing requests"
 for i in server1 server2 client1 client2;
 do
@@ -44,6 +56,12 @@ do
 	-batch -in $i.req
 done

+for i in 224 256 384 512;
+do
+  openssl ca -config sslconf.txt -out cert_sha$i.crt -passin pass:$PASSWORD \
+	-batch -in cert_sha$i.req -md sha$i
+done
+
 echo "Revoking firsts"
 openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
 openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD