#!/bin/sh
#
-# $OpenBSD: appstest.sh,v 1.12 2018/09/08 09:34:12 inoguchi Exp $
+# $OpenBSD: appstest.sh,v 1.13 2018/09/08 11:12:27 inoguchi Exp $
#
# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
#
#
function section_message {
- echo ""
- echo "#---------#---------#---------#---------#---------#---------#---------#--------"
- echo "==="
- echo "=== (Section) $1 `date +'%Y/%m/%d %H:%M:%S'`"
- echo "==="
+ echo ""
+ echo "#---------#---------#---------#---------#---------#---------#---------#--------"
+ echo "==="
+ echo "=== (Section) $1 `date +'%Y/%m/%d %H:%M:%S'`"
+ echo "==="
}
function start_message {
- echo ""
- echo "[TEST] $1"
+ echo ""
+ echo "[TEST] $1"
}
function stop_s_server {
- if [ ! -z "$s_server_pid" ] ; then
- echo ":-| stop s_server [ $s_server_pid ]"
- sleep 1
- kill -TERM $s_server_pid
- wait $s_server_pid
- s_server_pid=
- fi
+ if [ ! -z "$s_server_pid" ] ; then
+ echo ":-| stop s_server [ $s_server_pid ]"
+ sleep 1
+ kill -TERM $s_server_pid
+ wait $s_server_pid
+ s_server_pid=
+ fi
}
function check_exit_status {
- status=$1
- if [ $status -ne 0 ] ; then
- stop_s_server
- echo ":-< error occurs, exit status = [ $status ]"
- exit $status
- else
- echo ":-) success. "
- fi
+ status=$1
+ if [ $status -ne 0 ] ; then
+ stop_s_server
+ echo ":-< error occurs, exit status = [ $status ]"
+ exit $status
+ else
+ echo ":-) success. "
+ fi
}
function usage {
- echo "usage: appstest.sh [-q]"
+ echo "usage: appstest.sh [-q]"
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_usage_lists_others {
-# === COMMAND USAGE ===
-section_message "COMMAND USAGE"
-
-start_message "output usages of all commands."
-
-cmds=`$openssl_bin list-standard-commands`
-$openssl_bin -help 2>> $user1_dir/usages.out
-for c in $cmds ; do
- $openssl_bin $c -help 2>> $user1_dir/usages.out
-done
-
-start_message "check all list-* commands."
-
-lists=""
-lists="$lists list-standard-commands"
-lists="$lists list-message-digest-commands list-message-digest-algorithms"
-lists="$lists list-cipher-commands list-cipher-algorithms"
-lists="$lists list-public-key-algorithms"
-
-listsfile=$user1_dir/lists.out
-
-for l in $lists ; do
- echo "" >> $listsfile
- echo "$l" >> $listsfile
- $openssl_bin $l >> $listsfile
-done
-
-start_message "check interactive mode"
-$openssl_bin <<__EOF__
+ # === COMMAND USAGE ===
+ section_message "COMMAND USAGE"
+
+ start_message "output usages of all commands."
+
+ cmds=`$openssl_bin list-standard-commands`
+ $openssl_bin -help 2>> $user1_dir/usages.out
+ for c in $cmds ; do
+ $openssl_bin $c -help 2>> $user1_dir/usages.out
+ done
+
+ start_message "check all list-* commands."
+
+ lists=""
+ lists="$lists list-standard-commands"
+ lists="$lists list-message-digest-commands list-message-digest-algorithms"
+ lists="$lists list-cipher-commands list-cipher-algorithms"
+ lists="$lists list-public-key-algorithms"
+
+ listsfile=$user1_dir/lists.out
+
+ for l in $lists ; do
+ echo "" >> $listsfile
+ echo "$l" >> $listsfile
+ $openssl_bin $l >> $listsfile
+ done
+
+ start_message "check interactive mode"
+ $openssl_bin <<__EOF__
help
quit
__EOF__
-check_exit_status $?
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- listing operations ---
-section_message "listing operations"
-
-start_message "ciphers"
-$openssl_bin ciphers -V
-check_exit_status $?
-
-start_message "errstr"
-$openssl_bin errstr 2606A074
-check_exit_status $?
-$openssl_bin errstr -stats 2606A074 > $user1_dir/errstr-stats.out
-check_exit_status $?
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- random number etc. operations ---
-section_message "random number etc. operations"
-
-start_message "passwd"
-
-pass="test-pass-1234"
-
-echo $pass | $openssl_bin passwd -stdin -1
-check_exit_status $?
-
-echo $pass | $openssl_bin passwd -stdin -apr1
-check_exit_status $?
-
-echo $pass | $openssl_bin passwd -stdin -crypt
-check_exit_status $?
-
-start_message "prime"
-
-$openssl_bin prime 1
-check_exit_status $?
-
-$openssl_bin prime 2
-check_exit_status $?
-
-$openssl_bin prime -bits 64 -checks 3 -generate -hex -safe 5
-check_exit_status $?
-
-start_message "rand"
-
-$openssl_bin rand -base64 100
-check_exit_status $?
-
-$openssl_bin rand -hex 100
-check_exit_status $?
+ check_exit_status $?
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- listing operations ---
+ section_message "listing operations"
+
+ start_message "ciphers"
+ $openssl_bin ciphers -V
+ check_exit_status $?
+
+ start_message "errstr"
+ $openssl_bin errstr 2606A074
+ check_exit_status $?
+ $openssl_bin errstr -stats 2606A074 > $user1_dir/errstr-stats.out
+ check_exit_status $?
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- random number etc. operations ---
+ section_message "random number etc. operations"
+
+ start_message "passwd"
+
+ pass="test-pass-1234"
+
+ echo $pass | $openssl_bin passwd -stdin -1
+ check_exit_status $?
+
+ echo $pass | $openssl_bin passwd -stdin -apr1
+ check_exit_status $?
+
+ echo $pass | $openssl_bin passwd -stdin -crypt
+ check_exit_status $?
+
+ start_message "prime"
+
+ $openssl_bin prime 1
+ check_exit_status $?
+
+ $openssl_bin prime 2
+ check_exit_status $?
+
+ $openssl_bin prime -bits 64 -checks 3 -generate -hex -safe 5
+ check_exit_status $?
+
+ start_message "rand"
+
+ $openssl_bin rand -base64 100
+ check_exit_status $?
+
+ $openssl_bin rand -hex 100
+ check_exit_status $?
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_md {
-# === MESSAGE DIGEST COMMANDS ===
-section_message "MESSAGE DIGEST COMMANDS"
-
-start_message "dgst - See [MESSAGE DIGEST COMMANDS] section."
-
-text="1234567890abcdefghijklmnopqrstuvwxyz"
-dgstdat=$user1_dir/dgst.dat
-echo $text > $dgstdat
-hmac_key="test-hmac-key"
-cmac_key="1234567890abcde1234567890abcde12"
-
-digests=`$openssl_bin list-message-digest-commands`
-
-for d in $digests ; do
-
- echo -n "$d ... "
- $openssl_bin dgst -$d -out $dgstdat.$d $dgstdat
- check_exit_status $?
-
- echo -n "$d HMAC ... "
- $openssl_bin dgst -$d -hmac $hmac_key -out $dgstdat.$d.hmac $dgstdat
- check_exit_status $?
-
- echo -n "$d CMAC ... "
- $openssl_bin dgst -$d -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:$cmac_key \
- -out $dgstdat.$d.cmac $dgstdat
- check_exit_status $?
-done
+ # === MESSAGE DIGEST COMMANDS ===
+ section_message "MESSAGE DIGEST COMMANDS"
+
+ start_message "dgst - See [MESSAGE DIGEST COMMANDS] section."
+
+ text="1234567890abcdefghijklmnopqrstuvwxyz"
+ dgstdat=$user1_dir/dgst.dat
+ echo $text > $dgstdat
+ hmac_key="test-hmac-key"
+ cmac_key="1234567890abcde1234567890abcde12"
+
+ digests=`$openssl_bin list-message-digest-commands`
+
+ for d in $digests ; do
+
+ echo -n "$d ... "
+ $openssl_bin dgst -$d -out $dgstdat.$d $dgstdat
+ check_exit_status $?
+
+ echo -n "$d HMAC ... "
+ $openssl_bin dgst -$d -hmac $hmac_key -out $dgstdat.$d.hmac \
+ $dgstdat
+ check_exit_status $?
+
+ echo -n "$d CMAC ... "
+ $openssl_bin dgst -$d -mac cmac -macopt cipher:aes-128-cbc \
+ -macopt hexkey:$cmac_key -out $dgstdat.$d.cmac $dgstdat
+ check_exit_status $?
+ done
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_encoding_cipher {
-# === ENCODING AND CIPHER COMMANDS ===
-section_message "ENCODING AND CIPHER COMMANDS"
-
-start_message "enc - See [ENCODING AND CIPHER COMMANDS] section."
-
-text="1234567890abcdefghijklmnopqrstuvwxyz"
-encfile=$user1_dir/encfile.dat
-echo $text > $encfile
-pass="test-pass-1234"
-
-ciphers=`$openssl_bin list-cipher-commands`
-
-for c in $ciphers ; do
- echo -n "$c ... encoding ... "
- $openssl_bin enc -$c -e -base64 -pass pass:$pass -in $encfile -out $encfile-$c.enc
- check_exit_status $?
-
- echo -n "decoding ... "
- $openssl_bin enc -$c -d -base64 -pass pass:$pass -in $encfile-$c.enc -out $encfile-$c.dec
- check_exit_status $?
-
- echo -n "cmp ... "
- cmp $encfile $encfile-$c.dec
- check_exit_status $?
-done
+ # === ENCODING AND CIPHER COMMANDS ===
+ section_message "ENCODING AND CIPHER COMMANDS"
+
+ start_message "enc - See [ENCODING AND CIPHER COMMANDS] section."
+
+ text="1234567890abcdefghijklmnopqrstuvwxyz"
+ encfile=$user1_dir/encfile.dat
+ echo $text > $encfile
+ pass="test-pass-1234"
+
+ ciphers=`$openssl_bin list-cipher-commands`
+
+ for c in $ciphers ; do
+ echo -n "$c ... encoding ... "
+ $openssl_bin enc -$c -e -base64 -pass pass:$pass \
+ -in $encfile -out $encfile-$c.enc
+ check_exit_status $?
+
+ echo -n "decoding ... "
+ $openssl_bin enc -$c -d -base64 -pass pass:$pass \
+ -in $encfile-$c.enc -out $encfile-$c.dec
+ check_exit_status $?
+
+ echo -n "cmp ... "
+ cmp $encfile $encfile-$c.dec
+ check_exit_status $?
+ done
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_key {
-# === various KEY operations ===
-section_message "various KEY operations"
-
-key_pass=test-key-pass
-
-# DH
-
-start_message "gendh - Obsoleted by dhparam."
-gendh2=$key_dir/gendh2.pem
-$openssl_bin gendh -2 -out $gendh2
-check_exit_status $?
-
-start_message "dh - Obsoleted by dhparam."
-$openssl_bin dh -in $gendh2 -check -text -out $gendh2.out
-check_exit_status $?
-
-if [ $no_long_tests = 0 ] ; then
- start_message "dhparam - Superseded by genpkey and pkeyparam."
- dhparam2=$key_dir/dhparam2.pem
- $openssl_bin dhparam -2 -out $dhparam2
- check_exit_status $?
- $openssl_bin dhparam -in $dhparam2 -check -text -out $dhparam2.out
- check_exit_status $?
-else
- start_message "SKIPPNG dhparam - Superseded by genpkey and pkeyparam. (quick mode)"
-fi
-
-# DSA
-
-start_message "dsaparam - Superseded by genpkey and pkeyparam."
-dsaparam512=$key_dir/dsaparam512.pem
-$openssl_bin dsaparam -genkey -out $dsaparam512 512
-check_exit_status $?
-
-start_message "dsa"
-$openssl_bin dsa -in $dsaparam512 -text -out $dsaparam512.out
-check_exit_status $?
-
-start_message "gendsa - Superseded by genpkey and pkey."
-gendsa_des3=$key_dir/gendsa_des3.pem
-$openssl_bin gendsa -des3 -out $gendsa_des3 -passout pass:$key_pass $dsaparam512
-check_exit_status $?
-
-# RSA
-
-start_message "genrsa - Superseded by genpkey."
-genrsa_aes256=$key_dir/genrsa_aes256.pem
-$openssl_bin genrsa -f4 -aes256 -out $genrsa_aes256 -passout pass:$key_pass 2048
-check_exit_status $?
-
-start_message "rsa"
-$openssl_bin rsa -in $genrsa_aes256 -passin pass:$key_pass -check -text -out $genrsa_aes256.out
-check_exit_status $?
-
-start_message "rsautl - Superseded by pkeyutl."
-rsautldat=$key_dir/rsautl.dat
-rsautlsig=$key_dir/rsautl.sig
-echo "abcdefghijklmnopqrstuvwxyz1234567890" > $rsautldat
-
-$openssl_bin rsautl -sign -in $rsautldat -inkey $genrsa_aes256 -passin pass:$key_pass -out $rsautlsig
-check_exit_status $?
-
-$openssl_bin rsautl -verify -in $rsautlsig -inkey $genrsa_aes256 -passin pass:$key_pass
-check_exit_status $?
-
-# EC
-
-start_message "ecparam -list-curves"
-$openssl_bin ecparam -list_curves
-check_exit_status $?
-
-# get all EC curves
-ec_curves=`$openssl_bin ecparam -list_curves | grep ':' | cut -d ':' -f 1`
-
-start_message "ecparam and ec"
-
-for curve in $ec_curves ;
-do
- ecparam=$key_dir/ecparam_$curve.pem
-
- echo -n "ec - $curve ... ecparam ... "
- $openssl_bin ecparam -out $ecparam -name $curve -genkey -param_enc explicit \
- -conv_form compressed -C
- check_exit_status $?
-
- echo -n "ec ... "
- $openssl_bin ec -in $ecparam -text -out $ecparam.out 2> /dev/null
- check_exit_status $?
-done
-
-# PKEY
-
-start_message "genpkey"
-
-# DH by GENPKEY
-
-genpkey_dh_param=$key_dir/genpkey_dh_param.pem
-$openssl_bin genpkey -genparam -algorithm DH -out $genpkey_dh_param \
- -pkeyopt dh_paramgen_prime_len:1024
-check_exit_status $?
-
-genpkey_dh=$key_dir/genpkey_dh.pem
-$openssl_bin genpkey -paramfile $genpkey_dh_param -out $genpkey_dh
-check_exit_status $?
-
-# DSA by GENPKEY
-
-genpkey_dsa_param=$key_dir/genpkey_dsa_param.pem
-$openssl_bin genpkey -genparam -algorithm DSA -out $genpkey_dsa_param \
- -pkeyopt dsa_paramgen_bits:1024
-check_exit_status $?
-
-genpkey_dsa=$key_dir/genpkey_dsa.pem
-$openssl_bin genpkey -paramfile $genpkey_dsa_param -out $genpkey_dsa
-check_exit_status $?
-
-# RSA by GENPKEY
-
-genpkey_rsa=$key_dir/genpkey_rsa.pem
-$openssl_bin genpkey -algorithm RSA -out $genpkey_rsa \
- -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
-check_exit_status $?
-
-# EC by GENPKEY
-
-genpkey_ec_param=$key_dir/genpkey_ec_param.pem
-$openssl_bin genpkey -genparam -algorithm EC -out $genpkey_ec_param \
- -pkeyopt ec_paramgen_curve:secp384r1
-check_exit_status $?
-
-genpkey_ec=$key_dir/genpkey_ec.pem
-$openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec
-check_exit_status $?
-
-start_message "pkeyparam"
-
-$openssl_bin pkeyparam -in $genpkey_dh_param -text -out $genpkey_dh_param.out
-check_exit_status $?
-
-$openssl_bin pkeyparam -in $genpkey_dsa_param -text -out $genpkey_dsa_param.out
-check_exit_status $?
-
-$openssl_bin pkeyparam -in $genpkey_ec_param -text -out $genpkey_ec_param.out
-check_exit_status $?
-
-start_message "pkey"
-
-$openssl_bin pkey -in $genpkey_dh -text -out $genpkey_dh.out
-check_exit_status $?
-
-$openssl_bin pkey -in $genpkey_dsa -text -out $genpkey_dsa.out
-check_exit_status $?
-
-$openssl_bin pkey -in $genpkey_rsa -text -out $genpkey_rsa.out
-check_exit_status $?
-
-$openssl_bin pkey -in $genpkey_ec -text -out $genpkey_ec.out
-check_exit_status $?
-
-start_message "pkeyutl"
-
-pkeyutldat=$key_dir/pkeyutl.dat
-pkeyutlsig=$key_dir/pkeyutl.sig
-echo "abcdefghijklmnopqrstuvwxyz1234567890" > $pkeyutldat
-
-$openssl_bin pkeyutl -sign -in $pkeyutldat -inkey $genpkey_rsa -out $pkeyutlsig
-check_exit_status $?
-
-$openssl_bin pkeyutl -verify -in $pkeyutldat -sigfile $pkeyutlsig -inkey $genpkey_rsa
-check_exit_status $?
-
-$openssl_bin pkeyutl -verifyrecover -in $pkeyutlsig -inkey $genpkey_rsa
-check_exit_status $?
+ # === various KEY operations ===
+ section_message "various KEY operations"
+
+ key_pass=test-key-pass
+
+ # DH
+
+ start_message "gendh - Obsoleted by dhparam."
+ gendh2=$key_dir/gendh2.pem
+ $openssl_bin gendh -2 -out $gendh2
+ check_exit_status $?
+
+ start_message "dh - Obsoleted by dhparam."
+ $openssl_bin dh -in $gendh2 -check -text -out $gendh2.out
+ check_exit_status $?
+
+ if [ $no_long_tests = 0 ] ; then
+ start_message "dhparam - Superseded by genpkey and pkeyparam."
+ dhparam2=$key_dir/dhparam2.pem
+ $openssl_bin dhparam -2 -out $dhparam2
+ check_exit_status $?
+ $openssl_bin dhparam -in $dhparam2 -check -text \
+ -out $dhparam2.out
+ check_exit_status $?
+ else
+ start_message "SKIPPNG dhparam - Superseded by genpkey and pkeyparam. (quick mode)"
+ fi
+
+ # DSA
+
+ start_message "dsaparam - Superseded by genpkey and pkeyparam."
+ dsaparam512=$key_dir/dsaparam512.pem
+ $openssl_bin dsaparam -genkey -out $dsaparam512 512
+ check_exit_status $?
+
+ start_message "dsa"
+ $openssl_bin dsa -in $dsaparam512 -text -out $dsaparam512.out
+ check_exit_status $?
+
+ start_message "gendsa - Superseded by genpkey and pkey."
+ gendsa_des3=$key_dir/gendsa_des3.pem
+ $openssl_bin gendsa -des3 -out $gendsa_des3 \
+ -passout pass:$key_pass $dsaparam512
+ check_exit_status $?
+
+ # RSA
+
+ start_message "genrsa - Superseded by genpkey."
+ genrsa_aes256=$key_dir/genrsa_aes256.pem
+ $openssl_bin genrsa -f4 -aes256 -out $genrsa_aes256 \
+ -passout pass:$key_pass 2048
+ check_exit_status $?
+
+ start_message "rsa"
+ $openssl_bin rsa -in $genrsa_aes256 -passin pass:$key_pass \
+ -check -text -out $genrsa_aes256.out
+ check_exit_status $?
+
+ start_message "rsautl - Superseded by pkeyutl."
+ rsautldat=$key_dir/rsautl.dat
+ rsautlsig=$key_dir/rsautl.sig
+ echo "abcdefghijklmnopqrstuvwxyz1234567890" > $rsautldat
+
+ $openssl_bin rsautl -sign -in $rsautldat -inkey $genrsa_aes256 \
+ -passin pass:$key_pass -out $rsautlsig
+ check_exit_status $?
+
+ $openssl_bin rsautl -verify -in $rsautlsig -inkey $genrsa_aes256 \
+ -passin pass:$key_pass
+ check_exit_status $?
+
+ # EC
+
+ start_message "ecparam -list-curves"
+ $openssl_bin ecparam -list_curves
+ check_exit_status $?
+
+ # get all EC curves
+ ec_curves=`$openssl_bin ecparam -list_curves | grep ':' | cut -d ':' -f 1`
+
+ start_message "ecparam and ec"
+
+ for curve in $ec_curves ;
+ do
+ ecparam=$key_dir/ecparam_$curve.pem
+
+ echo -n "ec - $curve ... ecparam ... "
+ $openssl_bin ecparam -out $ecparam -name $curve -genkey \
+ -param_enc explicit -conv_form compressed -C
+ check_exit_status $?
+
+ echo -n "ec ... "
+ $openssl_bin ec -in $ecparam -text \
+ -out $ecparam.out 2> /dev/null
+ check_exit_status $?
+ done
+
+ # PKEY
+
+ start_message "genpkey"
+
+ # DH by GENPKEY
+
+ genpkey_dh_param=$key_dir/genpkey_dh_param.pem
+ $openssl_bin genpkey -genparam -algorithm DH -out $genpkey_dh_param \
+ -pkeyopt dh_paramgen_prime_len:1024
+ check_exit_status $?
+
+ genpkey_dh=$key_dir/genpkey_dh.pem
+ $openssl_bin genpkey -paramfile $genpkey_dh_param -out $genpkey_dh
+ check_exit_status $?
+
+ # DSA by GENPKEY
+
+ genpkey_dsa_param=$key_dir/genpkey_dsa_param.pem
+ $openssl_bin genpkey -genparam -algorithm DSA -out $genpkey_dsa_param \
+ -pkeyopt dsa_paramgen_bits:1024
+ check_exit_status $?
+
+ genpkey_dsa=$key_dir/genpkey_dsa.pem
+ $openssl_bin genpkey -paramfile $genpkey_dsa_param -out $genpkey_dsa
+ check_exit_status $?
+
+ # RSA by GENPKEY
+
+ genpkey_rsa=$key_dir/genpkey_rsa.pem
+ $openssl_bin genpkey -algorithm RSA -out $genpkey_rsa \
+ -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
+ check_exit_status $?
+
+ # EC by GENPKEY
+
+ genpkey_ec_param=$key_dir/genpkey_ec_param.pem
+ $openssl_bin genpkey -genparam -algorithm EC -out $genpkey_ec_param \
+ -pkeyopt ec_paramgen_curve:secp384r1
+ check_exit_status $?
+
+ genpkey_ec=$key_dir/genpkey_ec.pem
+ $openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec
+ check_exit_status $?
+
+ start_message "pkeyparam"
+
+ $openssl_bin pkeyparam -in $genpkey_dh_param -text \
+ -out $genpkey_dh_param.out
+ check_exit_status $?
+
+ $openssl_bin pkeyparam -in $genpkey_dsa_param -text \
+ -out $genpkey_dsa_param.out
+ check_exit_status $?
+
+ $openssl_bin pkeyparam -in $genpkey_ec_param -text \
+ -out $genpkey_ec_param.out
+ check_exit_status $?
+
+ start_message "pkey"
+
+ $openssl_bin pkey -in $genpkey_dh -text -out $genpkey_dh.out
+ check_exit_status $?
+
+ $openssl_bin pkey -in $genpkey_dsa -text -out $genpkey_dsa.out
+ check_exit_status $?
+
+ $openssl_bin pkey -in $genpkey_rsa -text -out $genpkey_rsa.out
+ check_exit_status $?
+
+ $openssl_bin pkey -in $genpkey_ec -text -out $genpkey_ec.out
+ check_exit_status $?
+
+ start_message "pkeyutl"
+
+ pkeyutldat=$key_dir/pkeyutl.dat
+ pkeyutlsig=$key_dir/pkeyutl.sig
+ echo "abcdefghijklmnopqrstuvwxyz1234567890" > $pkeyutldat
+
+ $openssl_bin pkeyutl -sign -in $pkeyutldat -inkey $genpkey_rsa \
+ -out $pkeyutlsig
+ check_exit_status $?
+
+ $openssl_bin pkeyutl -verify -in $pkeyutldat -sigfile $pkeyutlsig \
+ -inkey $genpkey_rsa
+ check_exit_status $?
+
+ $openssl_bin pkeyutl -verifyrecover -in $pkeyutlsig -inkey $genpkey_rsa
+ check_exit_status $?
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_pki {
-section_message "setup local CA"
+ section_message "setup local CA"
-#
-# prepare test openssl.cnf
-#
+ #
+ # prepare test openssl.cnf
+ #
-cat << __EOF__ > $ssldir/openssl.cnf
-oid_section = new_oids
+ cat << __EOF__ > $ssldir/openssl.cnf
+oid_section = new_oids
[ new_oids ]
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
extendedKeyUsage = OCSPSigning
__EOF__
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-#
-# setup test CA
-#
-
-mkdir -p $ca_dir
-mkdir -p $tsa_dir
-mkdir -p $ocsp_dir
-mkdir -p $server_dir
-
-mkdir -p $ca_dir/certs
-mkdir -p $ca_dir/private
-mkdir -p $ca_dir/crl
-mkdir -p $ca_dir/newcerts
-chmod 700 $ca_dir/private
-echo "01" > $ca_dir/serial
-touch $ca_dir/index.txt
-touch $ca_dir/crlnumber
-echo "01" > $ca_dir/crlnumber
-
-#
-# setup test TSA
-#
-mkdir -p $tsa_dir/private
-chmod 700 $tsa_dir/private
-echo "01" > $tsa_dir/serial
-touch $tsa_dir/index.txt
-
-#
-# setup test OCSP
-#
-mkdir -p $ocsp_dir/private
-chmod 700 $ocsp_dir/private
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- CA initiate (generate CA key and cert) ---
-
-start_message "req ... generate CA key and self signed cert"
-
-ca_cert=$ca_dir/ca_cert.pem
-ca_key=$ca_dir/private/ca_key.pem ca_pass=test-ca-pass
-
-if [ $mingw = 0 ] ; then
- subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testCA.test_dummy.com/'
-else
- subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\'
-fi
-
-$openssl_bin req -new -x509 -newkey rsa:2048 -out $ca_cert -keyout $ca_key \
- -days 1 -passout pass:$ca_pass -batch -subj $subj
-check_exit_status $?
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- TSA initiate (generate TSA key and cert) ---
-
-start_message "req ... generate TSA key and cert"
-
-# generate CSR for TSA
-
-tsa_csr=$tsa_dir/tsa_csr.pem
-tsa_key=$tsa_dir/private/tsa_key.pem
-tsa_pass=test-tsa-pass
-
-if [ $mingw = 0 ] ; then
- subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testTSA.test_dummy.com/'
-else
- subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\'
-fi
-
-$openssl_bin req -new -keyout $tsa_key -out $tsa_csr -passout pass:$tsa_pass -subj $subj
-check_exit_status $?
-
-start_message "ca ... sign by CA with TSA extensions"
-
-tsa_cert=$tsa_dir/tsa_cert.pem
-
-$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
--in $tsa_csr -out $tsa_cert -extensions tsa_ext
-check_exit_status $?
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- OCSP initiate (generate OCSP key and cert) ---
-
-start_message "req ... generate OCSP key and cert"
-
-# generate CSR for OCSP
-
-ocsp_csr=$ocsp_dir/ocsp_csr.pem
-ocsp_key=$ocsp_dir/private/ocsp_key.pem
-
-if [ $mingw = 0 ] ; then
- subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testOCSP.test_dummy.com/'
-else
- subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testOCSP.test_dummy.com\'
-fi
-
-$openssl_bin req -new -keyout $ocsp_key -nodes -out $ocsp_csr -subj $subj
-check_exit_status $?
-
-start_message "ca ... sign by CA with OCSP extensions"
-
-ocsp_cert=$ocsp_dir/ocsp_cert.pem
-
-$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
--in $ocsp_csr -out $ocsp_cert -extensions ocsp_ext
-check_exit_status $?
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- server-admin operations (generate server key and csr) ---
-section_message "server-admin operations (generate server key and csr)"
-
-start_message "req ... generate server csr#1"
-
-server_key=$server_dir/server_key.pem
-server_csr=$server_dir/server_csr.pem
-server_pass=test-server-pass
-
-if [ $mingw = 0 ] ; then
- subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=localhost.test_dummy.com/'
-else
- subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=localhost.test_dummy.com\'
-fi
-
-$openssl_bin req -new -keyout $server_key -out $server_csr -passout pass:$server_pass -subj $subj
-check_exit_status $?
-
-start_message "req ... generate server csr#2 (interactive mode)"
-
-revoke_key=$server_dir/revoke_key.pem
-revoke_csr=$server_dir/revoke_csr.pem
-revoke_pass=test-revoke-pass
-
-$openssl_bin req -new -keyout $revoke_key -out $revoke_csr -passout pass:$revoke_pass <<__EOF__
+ #---------#---------#---------#---------#---------#---------#---------
+
+ #
+ # setup test CA
+ #
+
+ mkdir -p $ca_dir
+ mkdir -p $tsa_dir
+ mkdir -p $ocsp_dir
+ mkdir -p $server_dir
+
+ mkdir -p $ca_dir/certs
+ mkdir -p $ca_dir/private
+ mkdir -p $ca_dir/crl
+ mkdir -p $ca_dir/newcerts
+ chmod 700 $ca_dir/private
+ echo "01" > $ca_dir/serial
+ touch $ca_dir/index.txt
+ touch $ca_dir/crlnumber
+ echo "01" > $ca_dir/crlnumber
+
+ #
+ # setup test TSA
+ #
+ mkdir -p $tsa_dir/private
+ chmod 700 $tsa_dir/private
+ echo "01" > $tsa_dir/serial
+ touch $tsa_dir/index.txt
+
+ #
+ # setup test OCSP
+ #
+ mkdir -p $ocsp_dir/private
+ chmod 700 $ocsp_dir/private
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- CA initiate (generate CA key and cert) ---
+
+ start_message "req ... generate CA key and self signed cert"
+
+ ca_cert=$ca_dir/ca_cert.pem
+ ca_key=$ca_dir/private/ca_key.pem ca_pass=test-ca-pass
+
+ if [ $mingw = 0 ] ; then
+ subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testCA.test_dummy.com/'
+ else
+ subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\'
+ fi
+
+ $openssl_bin req -new -x509 -newkey rsa:2048 -out $ca_cert \
+ -keyout $ca_key -days 1 -passout pass:$ca_pass -batch \
+ -subj $subj
+ check_exit_status $?
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- TSA initiate (generate TSA key and cert) ---
+
+ start_message "req ... generate TSA key and cert"
+
+ # generate CSR for TSA
+
+ tsa_csr=$tsa_dir/tsa_csr.pem
+ tsa_key=$tsa_dir/private/tsa_key.pem
+ tsa_pass=test-tsa-pass
+
+ if [ $mingw = 0 ] ; then
+ subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testTSA.test_dummy.com/'
+ else
+ subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\'
+ fi
+
+ $openssl_bin req -new -keyout $tsa_key -out $tsa_csr \
+ -passout pass:$tsa_pass -subj $subj
+ check_exit_status $?
+
+ start_message "ca ... sign by CA with TSA extensions"
+
+ tsa_cert=$tsa_dir/tsa_cert.pem
+
+ $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
+ -in $tsa_csr -out $tsa_cert -extensions tsa_ext
+ check_exit_status $?
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- OCSP initiate (generate OCSP key and cert) ---
+
+ start_message "req ... generate OCSP key and cert"
+
+ # generate CSR for OCSP
+
+ ocsp_csr=$ocsp_dir/ocsp_csr.pem
+ ocsp_key=$ocsp_dir/private/ocsp_key.pem
+
+ if [ $mingw = 0 ] ; then
+ subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testOCSP.test_dummy.com/'
+ else
+ subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testOCSP.test_dummy.com\'
+ fi
+
+ $openssl_bin req -new -keyout $ocsp_key -nodes -out $ocsp_csr \
+ -subj $subj
+ check_exit_status $?
+
+ start_message "ca ... sign by CA with OCSP extensions"
+
+ ocsp_cert=$ocsp_dir/ocsp_cert.pem
+
+ $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
+ -in $ocsp_csr -out $ocsp_cert -extensions ocsp_ext
+ check_exit_status $?
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- server-admin operations (generate server key and csr) ---
+ section_message "server-admin operations (generate server key and csr)"
+
+ start_message "req ... generate server csr#1"
+
+ server_key=$server_dir/server_key.pem
+ server_csr=$server_dir/server_csr.pem
+ server_pass=test-server-pass
+
+ if [ $mingw = 0 ] ; then
+ subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=localhost.test_dummy.com/'
+ else
+ subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=localhost.test_dummy.com\'
+ fi
+
+ $openssl_bin req -new -keyout $server_key -out $server_csr \
+ -passout pass:$server_pass -subj $subj
+ check_exit_status $?
+
+ start_message "req ... generate server csr#2 (interactive mode)"
+
+ revoke_key=$server_dir/revoke_key.pem
+ revoke_csr=$server_dir/revoke_csr.pem
+ revoke_pass=test-revoke-pass
+
+ $openssl_bin req -new -keyout $revoke_key -out $revoke_csr \
+ -passout pass:$revoke_pass <<__EOF__
JP
Tokyo
TEST_DUMMY_COMPANY
revoke.test_dummy.com
__EOF__
-check_exit_status $?
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- CA operations (issue cert for server) ---
-section_message "CA operations (issue cert for server)"
-
-start_message "ca ... issue cert for server csr#1"
-
-server_cert=$server_dir/server_cert.pem
-$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
- -in $server_csr -out $server_cert
-check_exit_status $?
-
-start_message "x509 ... issue cert for server csr#2"
-
-revoke_cert=$server_dir/revoke_cert.pem
-$openssl_bin x509 -req -in $revoke_csr -CA $ca_cert -CAkey $ca_key -passin pass:$ca_pass \
- -CAcreateserial -out $revoke_cert
-check_exit_status $?
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- CA operations (revoke cert and generate crl) ---
-section_message "CA operations (revoke cert and generate crl)"
-
-start_message "ca ... revoke server cert#2"
-crl_file=$ca_dir/crl.pem
-$openssl_bin ca -gencrl -out $crl_file -crldays 30 -revoke $revoke_cert \
- -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert
-check_exit_status $?
-
-start_message "crl ... CA generates CRL"
-$openssl_bin crl -in $crl_file -fingerprint
-check_exit_status $?
-
-crl_p7=$ca_dir/crl.p7
-start_message "crl2pkcs7 ... convert CRL to pkcs7"
-$openssl_bin crl2pkcs7 -in $crl_file -certfile $ca_cert -out $crl_p7
-check_exit_status $?
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- server-admin operations (check csr, verify cert, certhash) ---
-section_message "server-admin operations (check csr, verify cert, certhash)"
-
-start_message "asn1parse ... parse server csr#1"
-$openssl_bin asn1parse -in $server_csr -i \
- -dlimit 100 -length 1000 -strparse 01 > $server_csr.asn1parse.out
-check_exit_status $?
-
-start_message "verify ... server cert#1"
-$openssl_bin verify -verbose -CAfile $ca_cert $server_cert
-check_exit_status $?
-
-start_message "x509 ... get detail info about server cert#1"
-$openssl_bin x509 -in $server_cert -text -C -dates -startdate -enddate \
- -fingerprint -issuer -issuer_hash -issuer_hash_old \
- -subject -subject_hash -subject_hash_old -ocsp_uri -ocspid -modulus \
- -pubkey -serial -email > $server_cert.x509.out
-check_exit_status $?
-
-if [ $mingw = 0 ] ; then
- start_message "certhash"
- $openssl_bin certhash -v $server_dir
- check_exit_status $?
-fi
-
-# self signed
-start_message "x509 ... generate self signed server cert"
-server_self_cert=$server_dir/server_self_cert.pem
-$openssl_bin x509 -in $server_cert -signkey $server_key -passin pass:$server_pass -out $server_self_cert
-check_exit_status $?
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- Netscape SPKAC operations ---
-section_message "Netscape SPKAC operations"
-
-# server-admin generates SPKAC
-
-start_message "spkac"
-spkacfile=$server_dir/spkac.file
-
-$openssl_bin spkac -key $genpkey_rsa -challenge hello -out $spkacfile
-check_exit_status $?
-
-$openssl_bin spkac -in $spkacfile -verify -out $spkacfile.out
-check_exit_status $?
-
-spkacreq=$server_dir/spkac.req
-cat << __EOF__ > $spkacreq
+ check_exit_status $?
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- CA operations (issue cert for server) ---
+ section_message "CA operations (issue cert for server)"
+
+ start_message "ca ... issue cert for server csr#1"
+
+ server_cert=$server_dir/server_cert.pem
+ $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
+ -in $server_csr -out $server_cert
+ check_exit_status $?
+
+ start_message "x509 ... issue cert for server csr#2"
+
+ revoke_cert=$server_dir/revoke_cert.pem
+ $openssl_bin x509 -req -in $revoke_csr -CA $ca_cert -CAkey $ca_key \
+ -passin pass:$ca_pass -CAcreateserial -out $revoke_cert
+ check_exit_status $?
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- CA operations (revoke cert and generate crl) ---
+ section_message "CA operations (revoke cert and generate crl)"
+
+ start_message "ca ... revoke server cert#2"
+ crl_file=$ca_dir/crl.pem
+ $openssl_bin ca -gencrl -out $crl_file -crldays 30 \
+ -revoke $revoke_cert \
+ -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert
+ check_exit_status $?
+
+ start_message "crl ... CA generates CRL"
+ $openssl_bin crl -in $crl_file -fingerprint
+ check_exit_status $?
+
+ crl_p7=$ca_dir/crl.p7
+ start_message "crl2pkcs7 ... convert CRL to pkcs7"
+ $openssl_bin crl2pkcs7 -in $crl_file -certfile $ca_cert -out $crl_p7
+ check_exit_status $?
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- server-admin operations (check csr, verify cert, certhash) ---
+ section_message "server-admin operations (check csr, verify cert, certhash)"
+
+ start_message "asn1parse ... parse server csr#1"
+ $openssl_bin asn1parse -in $server_csr -i -dlimit 100 -length 1000 \
+ -strparse 01 > $server_csr.asn1parse.out
+ check_exit_status $?
+
+ start_message "verify ... server cert#1"
+ $openssl_bin verify -verbose -CAfile $ca_cert $server_cert
+ check_exit_status $?
+
+ start_message "x509 ... get detail info about server cert#1"
+ $openssl_bin x509 -in $server_cert -text -C -dates -startdate -enddate \
+ -fingerprint -issuer -issuer_hash -issuer_hash_old \
+ -subject -subject_hash -subject_hash_old -ocsp_uri \
+ -ocspid -modulus -pubkey -serial -email > $server_cert.x509.out
+ check_exit_status $?
+
+ if [ $mingw = 0 ] ; then
+ start_message "certhash"
+ $openssl_bin certhash -v $server_dir
+ check_exit_status $?
+ fi
+
+ # self signed
+ start_message "x509 ... generate self signed server cert"
+ server_self_cert=$server_dir/server_self_cert.pem
+ $openssl_bin x509 -in $server_cert -signkey $server_key \
+ -passin pass:$server_pass -out $server_self_cert
+ check_exit_status $?
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- Netscape SPKAC operations ---
+ section_message "Netscape SPKAC operations"
+
+ # server-admin generates SPKAC
+
+ start_message "spkac"
+ spkacfile=$server_dir/spkac.file
+
+ $openssl_bin spkac -key $genpkey_rsa -challenge hello -out $spkacfile
+ check_exit_status $?
+
+ $openssl_bin spkac -in $spkacfile -verify -out $spkacfile.out
+ check_exit_status $?
+
+ spkacreq=$server_dir/spkac.req
+ cat << __EOF__ > $spkacreq
countryName = JP
stateOrProvinceName = Tokyo
organizationName = TEST_DUMMY_COMPANY
commonName = spkac.test_dummy.com
__EOF__
-cat $spkacfile >> $spkacreq
-
-# CA signs SPKAC
-start_message "ca ... CA signs SPKAC csr"
-spkaccert=$server_dir/spkac.cert
-$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
- -spkac $spkacreq -out $spkaccert
-check_exit_status $?
-
-start_message "x509 ... convert DER format SPKAC cert to PEM"
-spkacpem=$server_dir/spkac.pem
-$openssl_bin x509 -in $spkaccert -inform DER -out $spkacpem -outform PEM
-check_exit_status $?
-
-# server-admin cert verify
-
-start_message "nseq"
-$openssl_bin nseq -in $spkacpem -toseq -out $spkacpem.nseq
-check_exit_status $?
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- user1 operations (generate user1 key and csr) ---
-section_message "user1 operations (generate user1 key and csr)"
-
-# trust
-start_message "x509 ... trust testCA cert"
-user1_trust=$user1_dir/user1_trust_ca.pem
-$openssl_bin x509 -in $ca_cert -addtrust clientAuth -setalias "trusted testCA" -purpose -out $user1_trust
-check_exit_status $?
-
-start_message "req ... generate private key and csr for user1"
-
-user1_key=$user1_dir/user1_key.pem
-user1_csr=$user1_dir/user1_csr.pem
-user1_pass=test-user1-pass
-
-if [ $mingw = 0 ] ; then
- subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user1.test_dummy.com/'
-else
- subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user1.test_dummy.com\'
-fi
-
-$openssl_bin req -new -keyout $user1_key -out $user1_csr -passout pass:$user1_pass -subj $subj
-check_exit_status $?
-
-#---------#---------#---------#---------#---------#---------#---------#---------
-
-# --- CA operations (issue cert for user1) ---
-section_message "CA operations (issue cert for user1)"
-
-start_message "ca ... issue cert for user1"
-
-user1_cert=$user1_dir/user1_cert.pem
-$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
- -in $user1_csr -out $user1_cert
-check_exit_status $?
+ cat $spkacfile >> $spkacreq
+
+ # CA signs SPKAC
+ start_message "ca ... CA signs SPKAC csr"
+ spkaccert=$server_dir/spkac.cert
+ $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
+ -spkac $spkacreq -out $spkaccert
+ check_exit_status $?
+
+ start_message "x509 ... convert DER format SPKAC cert to PEM"
+ spkacpem=$server_dir/spkac.pem
+ $openssl_bin x509 -in $spkaccert -inform DER -out $spkacpem -outform PEM
+ check_exit_status $?
+
+ # server-admin cert verify
+
+ start_message "nseq"
+ $openssl_bin nseq -in $spkacpem -toseq -out $spkacpem.nseq
+ check_exit_status $?
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- user1 operations (generate user1 key and csr) ---
+ section_message "user1 operations (generate user1 key and csr)"
+
+ # trust
+ start_message "x509 ... trust testCA cert"
+ user1_trust=$user1_dir/user1_trust_ca.pem
+ $openssl_bin x509 -in $ca_cert -addtrust clientAuth \
+ -setalias "trusted testCA" -purpose -out $user1_trust
+ check_exit_status $?
+
+ start_message "req ... generate private key and csr for user1"
+
+ user1_key=$user1_dir/user1_key.pem
+ user1_csr=$user1_dir/user1_csr.pem
+ user1_pass=test-user1-pass
+
+ if [ $mingw = 0 ] ; then
+ subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user1.test_dummy.com/'
+ else
+ subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user1.test_dummy.com\'
+ fi
+
+ $openssl_bin req -new -keyout $user1_key -out $user1_csr \
+ -passout pass:$user1_pass -subj $subj
+ check_exit_status $?
+
+ #---------#---------#---------#---------#---------#---------#---------
+
+ # --- CA operations (issue cert for user1) ---
+ section_message "CA operations (issue cert for user1)"
+
+ start_message "ca ... issue cert for user1"
+
+ user1_cert=$user1_dir/user1_cert.pem
+ $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
+ -in $user1_csr -out $user1_cert
+ check_exit_status $?
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_tsa {
-# --- TSA operations ---
-section_message "TSA operations"
-
-tsa_dat=$user1_dir/tsa.dat
-cat << __EOF__ > $tsa_dat
+ # --- TSA operations ---
+ section_message "TSA operations"
+
+ tsa_dat=$user1_dir/tsa.dat
+ cat << __EOF__ > $tsa_dat
Hello Bob,
Sincerely yours
Alice
__EOF__
-# Query
-start_message "ts ... create time stamp request"
-
-tsa_tsq=$user1_dir/tsa.tsq
-
-$openssl_bin ts -query -sha1 -data $tsa_dat -no_nonce -out $tsa_tsq
-check_exit_status $?
-
-start_message "ts ... print time stamp request"
-
-$openssl_bin ts -query -in $tsa_tsq -text
-check_exit_status $?
-
-# Reply
-start_message "ts ... create time stamp response for a request"
-
-tsa_tsr=$user1_dir/tsa.tsr
-
-$openssl_bin ts -reply -queryfile $tsa_tsq -inkey $tsa_key -passin pass:$tsa_pass \
- -signer $tsa_cert -chain $ca_cert -out $tsa_tsr
-check_exit_status $?
-
-# Verify
-start_message "ts ... verify time stamp response"
-
-$openssl_bin ts -verify -queryfile $tsa_tsq -in $tsa_tsr -CAfile $ca_cert -untrusted $tsa_cert
-check_exit_status $?
+ # Query
+ start_message "ts ... create time stamp request"
+
+ tsa_tsq=$user1_dir/tsa.tsq
+
+ $openssl_bin ts -query -sha1 -data $tsa_dat -no_nonce -out $tsa_tsq
+ check_exit_status $?
+
+ start_message "ts ... print time stamp request"
+
+ $openssl_bin ts -query -in $tsa_tsq -text
+ check_exit_status $?
+
+ # Reply
+ start_message "ts ... create time stamp response for a request"
+
+ tsa_tsr=$user1_dir/tsa.tsr
+
+ $openssl_bin ts -reply -queryfile $tsa_tsq -inkey $tsa_key \
+ -passin pass:$tsa_pass -signer $tsa_cert -chain $ca_cert \
+ -out $tsa_tsr
+ check_exit_status $?
+
+ # Verify
+ start_message "ts ... verify time stamp response"
+
+ $openssl_bin ts -verify -queryfile $tsa_tsq -in $tsa_tsr \
+ -CAfile $ca_cert -untrusted $tsa_cert
+ check_exit_status $?
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_smime {
-# --- S/MIME operations ---
-section_message "S/MIME operations"
-
-smime_txt=$user1_dir/smime.txt
-smime_msg=$user1_dir/smime.msg
-smime_ver=$user1_dir/smime.ver
-
-cat << __EOF__ > $smime_txt
+ # --- S/MIME operations ---
+ section_message "S/MIME operations"
+
+ smime_txt=$user1_dir/smime.txt
+ smime_msg=$user1_dir/smime.msg
+ smime_ver=$user1_dir/smime.ver
+
+ cat << __EOF__ > $smime_txt
Hello Bob,
Sincerely yours
Alice
__EOF__
-
-# sign
-start_message "smime ... sign to message"
-
-$openssl_bin smime -sign -in $smime_txt -text -out $smime_msg \
- -signer $user1_cert -inkey $user1_key -passin pass:$user1_pass
-check_exit_status $?
-
-# verify
-start_message "smime ... verify message"
-
-$openssl_bin smime -verify -in $smime_msg -signer $user1_cert -CAfile $ca_cert -out $smime_ver
-check_exit_status $?
+
+ # sign
+ start_message "smime ... sign to message"
+
+ $openssl_bin smime -sign -in $smime_txt -text -out $smime_msg \
+ -signer $user1_cert -inkey $user1_key -passin pass:$user1_pass
+ check_exit_status $?
+
+ # verify
+ start_message "smime ... verify message"
+
+ $openssl_bin smime -verify -in $smime_msg -signer $user1_cert \
+ -CAfile $ca_cert -out $smime_ver
+ check_exit_status $?
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_ocsp {
-# --- OCSP operations ---
-section_message "OCSP operations"
-
-# request
-start_message "ocsp ... create OCSP request"
-
-ocsp_req=$user1_dir/ocsp_req.der
-$openssl_bin ocsp -issuer $ca_cert -cert $server_cert -cert $revoke_cert \
- -CAfile $ca_cert -reqout $ocsp_req
-check_exit_status $?
-
-# response
-start_message "ocsp ... create OCPS response for a request"
-
-ocsp_res=$user1_dir/ocsp_res.der
-$openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert -CAfile $ca_cert \
- -rsigner $ocsp_cert -rkey $ocsp_key -reqin $ocsp_req -respout $ocsp_res -text > $ocsp_res.out 2>&1
-check_exit_status $?
-
-# ocsp server
-start_message "ocsp ... start OCSP server in background"
-
-ocsp_port=8888
-
-$openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert -CAfile $ca_cert \
- -rsigner $ocsp_cert -rkey $ocsp_key -port '*:'$ocsp_port -nrequest 1 &
-check_exit_status $?
-ocsp_svr_pid=$!
-echo "ocsp server pid = [ $ocsp_svr_pid ]"
-sleep 1
-
-# send query to ocsp server
-start_message "ocsp ... send OCSP request to server"
-
-ocsp_qry=$user1_dir/ocsp_qry.der
-$openssl_bin ocsp -issuer $ca_cert -cert $server_cert -cert $revoke_cert \
- -CAfile $ca_cert -url http://localhost:$ocsp_port -resp_text -respout $ocsp_qry > $ocsp_qry.out 2>&1
-check_exit_status $?
+ # --- OCSP operations ---
+ section_message "OCSP operations"
+
+ # request
+ start_message "ocsp ... create OCSP request"
+
+ ocsp_req=$user1_dir/ocsp_req.der
+ $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
+ -cert $revoke_cert -CAfile $ca_cert -reqout $ocsp_req
+ check_exit_status $?
+
+ # response
+ start_message "ocsp ... create OCPS response for a request"
+
+ ocsp_res=$user1_dir/ocsp_res.der
+ $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
+ -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
+ -reqin $ocsp_req -respout $ocsp_res -text > $ocsp_res.out 2>&1
+ check_exit_status $?
+
+ # ocsp server
+ start_message "ocsp ... start OCSP server in background"
+
+ ocsp_port=8888
+
+ $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
+ -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
+ -port '*:'$ocsp_port -nrequest 1 &
+ check_exit_status $?
+ ocsp_svr_pid=$!
+ echo "ocsp server pid = [ $ocsp_svr_pid ]"
+ sleep 1
+
+ # send query to ocsp server
+ start_message "ocsp ... send OCSP request to server"
+
+ ocsp_qry=$user1_dir/ocsp_qry.der
+ $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
+ -cert $revoke_cert -CAfile $ca_cert \
+ -url http://localhost:$ocsp_port -resp_text \
+ -respout $ocsp_qry > $ocsp_qry.out 2>&1
+ check_exit_status $?
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_pkcs {
-# --- PKCS operations ---
-section_message "PKCS operations"
-
-pkcs_pass=test-pkcs-pass
-
-start_message "pkcs7 ... output certs in crl(pkcs7)"
-$openssl_bin pkcs7 -in $crl_p7 -print_certs -text -out $crl_p7.out
-check_exit_status $?
-
-start_message "pkcs8 ... convert key to pkcs8"
-$openssl_bin pkcs8 -in $user1_key -topk8 -out $user1_key.p8 \
- -passin pass:$user1_pass -passout pass:$user1_pass -v1 pbeWithSHA1AndDES-CBC -v2 des3
-check_exit_status $?
-
-start_message "pkcs8 ... convert pkcs8 to key in DER format"
-$openssl_bin pkcs8 -in $user1_key.p8 -passin pass:$user1_pass -outform DER -out $user1_key.p8.der
-check_exit_status $?
-
-start_message "pkcs12 ... create"
-$openssl_bin pkcs12 -export -in $server_cert -inkey $server_key -passin pass:$server_pass \
- -certfile $ca_cert -CAfile $ca_cert -caname "server_p12" -passout pass:$pkcs_pass \
- -certpbe AES-256-CBC -keypbe AES-256-CBC -chain -out $server_cert.p12
-check_exit_status $?
-
-start_message "pkcs12 ... verify"
-$openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass -info -noout
-check_exit_status $?
-
-start_message "pkcs12 ... to PEM"
-$openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass \
- -passout pass:$pkcs_pass -out $server_cert.p12.pem
-check_exit_status $?
+ # --- PKCS operations ---
+ section_message "PKCS operations"
+
+ pkcs_pass=test-pkcs-pass
+
+ start_message "pkcs7 ... output certs in crl(pkcs7)"
+ $openssl_bin pkcs7 -in $crl_p7 -print_certs -text -out $crl_p7.out
+ check_exit_status $?
+
+ start_message "pkcs8 ... convert key to pkcs8"
+ $openssl_bin pkcs8 -in $user1_key -topk8 -out $user1_key.p8 \
+ -passin pass:$user1_pass -passout pass:$user1_pass \
+ -v1 pbeWithSHA1AndDES-CBC -v2 des3
+ check_exit_status $?
+
+ start_message "pkcs8 ... convert pkcs8 to key in DER format"
+ $openssl_bin pkcs8 -in $user1_key.p8 -passin pass:$user1_pass \
+ -outform DER -out $user1_key.p8.der
+ check_exit_status $?
+
+ start_message "pkcs12 ... create"
+ $openssl_bin pkcs12 -export -in $server_cert -inkey $server_key \
+ -passin pass:$server_pass -certfile $ca_cert -CAfile $ca_cert \
+ -caname "server_p12" -passout pass:$pkcs_pass \
+ -certpbe AES-256-CBC -keypbe AES-256-CBC -chain \
+ -out $server_cert.p12
+ check_exit_status $?
+
+ start_message "pkcs12 ... verify"
+ $openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass -info \
+ -noout
+ check_exit_status $?
+
+ start_message "pkcs12 ... to PEM"
+ $openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass \
+ -passout pass:$pkcs_pass -out $server_cert.p12.pem
+ check_exit_status $?
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_server_client {
-# --- client/server operations (TLS) ---
-section_message "client/server operations (TLS)"
-
-host="localhost"
-port=4433
-sess_dat=$user1_dir/s_client_sess.dat
-s_server_out=$server_dir/s_server_tls.out
-
-start_message "s_server ... start SSL/TLS test server"
-$openssl_bin s_server -accept $port -CAfile $ca_cert \
- -cert $server_cert -key $server_key -pass pass:$server_pass \
- -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \
- -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \
- -cipher ALL \
- -msg -tlsextdebug > $s_server_out 2>&1 &
-check_exit_status $?
-s_server_pid=$!
-echo "s_server pid = [ $s_server_pid ]"
-sleep 1
-
-# protocol = TLSv1
-
-s_client_out=$user1_dir/s_client_tls_1_0.out
-
-start_message "s_client ... connect to SSL/TLS test server by TLSv1"
-$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
- -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
-check_exit_status $?
-
-grep 'Protocol : TLSv1$' $s_client_out > /dev/null
-check_exit_status $?
-
-grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
-check_exit_status $?
-
-# protocol = TLSv1.1
-
-s_client_out=$user1_dir/s_client_tls_1_1.out
-
-start_message "s_client ... connect to SSL/TLS test server by TLSv1.1"
-$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
- -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
-check_exit_status $?
-
-grep 'Protocol : TLSv1\.1$' $s_client_out > /dev/null
-check_exit_status $?
-
-grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
-check_exit_status $?
-
-# protocol = TLSv1.2
-
-s_client_out=$user1_dir/s_client_tls_1_2.out
-
-start_message "s_client ... connect to SSL/TLS test server by TLSv1.2"
-$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
- -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
-check_exit_status $?
-
-grep 'Protocol : TLSv1\.2$' $s_client_out > /dev/null
-check_exit_status $?
-
-grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
-check_exit_status $?
-
-# all available ciphers with random order
-
-ciphers=`$openssl_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' | sort -R`
-cnum=0
-for c in $ciphers ; do
- cnum=`expr $cnum + 1`
- cnstr=`printf %03d $cnum`
- s_client_out=$user1_dir/s_client_tls_${cnstr}_${c}.out
-
- start_message "s_client ... connect to SSL/TLS test server with [ $cnstr ] $c"
- $openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
- -cipher $c -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
- check_exit_status $?
-
- grep "Cipher : $c" $s_client_out > /dev/null
- check_exit_status $?
-
- grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
- check_exit_status $?
-done
-
-# Get session ticket to reuse
-
-s_client_out=$user1_dir/s_client_tls_reuse_1.out
-
-start_message "s_client ... connect to SSL/TLS test server to get session id"
-$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
- -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \
- -sess_out $sess_dat \
- -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
-check_exit_status $?
-
-grep 'New, TLSv1/SSLv3' $s_client_out > /dev/null
-check_exit_status $?
-
-grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
-check_exit_status $?
-
-# Reuse session ticket
-
-s_client_out=$user1_dir/s_client_tls_reuse_2.out
-
-start_message "s_client ... connect to SSL/TLS test server reusing session id"
-$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
- -sess_in $sess_dat \
- -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
-check_exit_status $?
-
-grep 'Reused, TLSv1/SSLv3' $s_client_out > /dev/null
-check_exit_status $?
-
-grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
-check_exit_status $?
-
-# invalid verification pattern
-
-s_client_out=$user1_dir/s_client_tls_invalid.out
-
-start_message "s_client ... connect to SSL/TLS test server but verify error"
-$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
- -showcerts -crl_check -issuer_checks -policy_check \
- -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
-check_exit_status $?
-
-grep 'Verify return code: 24 (invalid CA certificate)' $s_client_out > /dev/null
-check_exit_status $?
-
-# s_time
-start_message "s_time ... connect to SSL/TLS test server"
-$openssl_bin s_time -connect $host:$port -CAfile $ca_cert -time 2
-check_exit_status $?
-
-# sess_id
-start_message "sess_id"
-$openssl_bin sess_id -in $sess_dat -text -out $sess_dat.out
-check_exit_status $?
-
-stop_s_server
+ # --- client/server operations (TLS) ---
+ section_message "client/server operations (TLS)"
+
+ host="localhost"
+ port=4433
+ sess_dat=$user1_dir/s_client_sess.dat
+ s_server_out=$server_dir/s_server_tls.out
+
+ start_message "s_server ... start SSL/TLS test server"
+ $openssl_bin s_server -accept $port -CAfile $ca_cert \
+ -cert $server_cert -key $server_key -pass pass:$server_pass \
+ -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \
+ -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \
+ -cipher ALL \
+ -msg -tlsextdebug > $s_server_out 2>&1 &
+ check_exit_status $?
+ s_server_pid=$!
+ echo "s_server pid = [ $s_server_pid ]"
+ sleep 1
+
+ # protocol = TLSv1
+
+ s_client_out=$user1_dir/s_client_tls_1_0.out
+
+ start_message "s_client ... connect to SSL/TLS test server by TLSv1"
+ $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
+ -pause -prexit \
+ -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+ check_exit_status $?
+
+ grep 'Protocol : TLSv1$' $s_client_out > /dev/null
+ check_exit_status $?
+
+ grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+ check_exit_status $?
+
+ # protocol = TLSv1.1
+
+ s_client_out=$user1_dir/s_client_tls_1_1.out
+
+ start_message "s_client ... connect to SSL/TLS test server by TLSv1.1"
+ $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
+ -pause -prexit \
+ -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+ check_exit_status $?
+
+ grep 'Protocol : TLSv1\.1$' $s_client_out > /dev/null
+ check_exit_status $?
+
+ grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+ check_exit_status $?
+
+ # protocol = TLSv1.2
+
+ s_client_out=$user1_dir/s_client_tls_1_2.out
+
+ start_message "s_client ... connect to SSL/TLS test server by TLSv1.2"
+ $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
+ -pause -prexit \
+ -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+ check_exit_status $?
+
+ grep 'Protocol : TLSv1\.2$' $s_client_out > /dev/null
+ check_exit_status $?
+
+ grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+ check_exit_status $?
+
+ # all available ciphers with random order
+
+ ciphers=`$openssl_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' | sort -R`
+ cnum=0
+ for c in $ciphers ; do
+ cnum=`expr $cnum + 1`
+ cnstr=`printf %03d $cnum`
+ s_client_out=$user1_dir/s_client_tls_${cnstr}_${c}.out
+
+ start_message "s_client ... connect to SSL/TLS test server with [ $cnstr ] $c"
+ $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
+ -pause -prexit -cipher $c \
+ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+ check_exit_status $?
+
+ grep "Cipher : $c" $s_client_out > /dev/null
+ check_exit_status $?
+
+ grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+ check_exit_status $?
+ done
+
+ # Get session ticket to reuse
+
+ s_client_out=$user1_dir/s_client_tls_reuse_1.out
+
+ start_message "s_client ... connect to SSL/TLS test server to get session id"
+ $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
+ -pause -prexit \
+ -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \
+ -sess_out $sess_dat \
+ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+ check_exit_status $?
+
+ grep 'New, TLSv1/SSLv3' $s_client_out > /dev/null
+ check_exit_status $?
+
+ grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+ check_exit_status $?
+
+ # Reuse session ticket
+
+ s_client_out=$user1_dir/s_client_tls_reuse_2.out
+
+ start_message "s_client ... connect to SSL/TLS test server reusing session id"
+ $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
+ -pause -prexit -sess_in $sess_dat \
+ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+ check_exit_status $?
+
+ grep 'Reused, TLSv1/SSLv3' $s_client_out > /dev/null
+ check_exit_status $?
+
+ grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+ check_exit_status $?
+
+ # invalid verification pattern
+
+ s_client_out=$user1_dir/s_client_tls_invalid.out
+
+ start_message "s_client ... connect to SSL/TLS test server but verify error"
+ $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
+ -pause -prexit \
+ -showcerts -crl_check -issuer_checks -policy_check \
+ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+ check_exit_status $?
+
+ grep 'Verify return code: 24 (invalid CA certificate)' $s_client_out \
+ > /dev/null
+ check_exit_status $?
+
+ # s_time
+ start_message "s_time ... connect to SSL/TLS test server"
+ $openssl_bin s_time -connect $host:$port -CAfile $ca_cert -time 2
+ check_exit_status $?
+
+ # sess_id
+ start_message "sess_id"
+ $openssl_bin sess_id -in $sess_dat -text -out $sess_dat.out
+ check_exit_status $?
+
+ stop_s_server
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_speed {
-# === PERFORMANCE ===
-section_message "PERFORMANCE"
-
-if [ $no_long_tests = 0 ] ; then
- start_message "speed"
- $openssl_bin speed sha512 rsa2048 -multi 2 -elapsed
- check_exit_status $?
-else
- start_message "SKIPPNG speed (quick mode)"
-fi
+ # === PERFORMANCE ===
+ section_message "PERFORMANCE"
+
+ if [ $no_long_tests = 0 ] ; then
+ start_message "speed"
+ $openssl_bin speed sha512 rsa2048 -multi 2 -elapsed
+ check_exit_status $?
+ else
+ start_message "SKIPPNG speed (quick mode)"
+ fi
}
-#---------#---------#---------#---------#---------#---------#---------#---------
function test_version {
-# --- VERSION INFORMATION ---
-section_message "VERSION INFORMATION"
-
-start_message "version"
-$openssl_bin version -a
-check_exit_status $?
+ # --- VERSION INFORMATION ---
+ section_message "VERSION INFORMATION"
+
+ start_message "version"
+ $openssl_bin version -a
+ check_exit_status $?
}
#---------#---------#---------#---------#---------#---------#---------#---------
no_long_tests=0
while [ "$1" != "" ]; do
- case $1 in
- -q | --quick ) shift
- no_long_tests=1
- ;;
- * ) usage
- exit 1
- esac
+ case $1 in
+ -q | --quick ) shift
+ no_long_tests=1
+ ;;
+ * ) usage
+ exit 1
+ esac
done
#
ssldir="appstest_dir"
if [ -d $ssldir ] ; then
- echo "directory [ $ssldir ] exists, this script deletes this directory ..."
- /bin/rm -rf $ssldir
+ echo "directory [ $ssldir ] exists, this script deletes this directory ..."
+ /bin/rm -rf $ssldir
fi
mkdir -p $ssldir
uname_s=`uname -s | grep 'MINGW'`
if [ "$uname_s" = "" ] ; then
- mingw=0
+ mingw=0
else
- mingw=1
+ mingw=1
fi
#
projects / openbsd / commitdiff