wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6507 from bandi13/fix_certs_ocsp_renewcerts

Browse Source 
Fix certs ocsp renewcerts
This commit is contained in:
David Garske
2023-06-21 11:26:59 -07:00
committed by GitHub
parent 9204101e94 76cf3d61a0
commit 1bff338e37
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
certs/ocsp/renewcerts.sh
View File

@ -80,10 +80,10 @@ update_cert server3 "www3.wolfssl.com" intermediate2-ca
update_cert server4 "www4.wolfssl.com" intermediate2-ca v3_req2 08 # REVOKED update_cert server4 "www4.wolfssl.com" intermediate2-ca v3_req2 08 # REVOKED
update_cert server5 "www5.wolfssl.com" intermediate3-ca v3_req3 09 update_cert server5 "www5.wolfssl.com" intermediate3-ca v3_req3 09
# Create response DER buffer for test # Create response DER buffer for test
openssl ocsp -port 22221 -ndays 1000 -index index-ca-and-intermediate-cas.txt -rsigner ocsp-responder-cert.pem -rkey ocsp-responder-key.pem -CA root-ca-cert.pem -partial_chain & openssl ocsp -port 22221 -ndays 1000 -index index-ca-and-intermediate-cas.txt -rsigner ocsp-responder-cert.pem -rkey ocsp-responder-key.pem -CA root-ca-cert.pem -partial_chain &
PID=$! PID=$!
sleep 1 # Make sure server is ready
openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -url http://localhost:22221/ -respout test-response.der -noverify openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -url http://localhost:22221/ -respout test-response.der -noverify
openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -url http://localhost:22221/ -respout test-response-nointern.der -no_intern -noverify openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -url http://localhost:22221/ -respout test-response-nointern.der -no_intern -noverify
@ -95,6 +95,7 @@ wait $PID
# now start up a responder that signs using rsa-pss # now start up a responder that signs using rsa-pss
openssl ocsp -port 22221 -ndays 1000 -index index-ca-and-intermediate-cas.txt -rsigner ocsp-responder-cert.pem -rkey ocsp-responder-key.pem -CA root-ca-cert.pem -rsigopt rsa_padding_mode:pss & openssl ocsp -port 22221 -ndays 1000 -index index-ca-and-intermediate-cas.txt -rsigner ocsp-responder-cert.pem -rkey ocsp-responder-key.pem -CA root-ca-cert.pem -rsigopt rsa_padding_mode:pss &
PID=$! PID=$!
sleep 1 # Make sure server is ready
openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -url http://localhost:22221/ -respout test-response-rsapss.der -noverify openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -url http://localhost:22221/ -respout test-response-rsapss.der -noverify
# can verify with the following command # can verify with the following command