diff options
Diffstat (limited to 'tests/auth/cert')
| -rwxr-xr-x | tests/auth/cert | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/tests/auth/cert b/tests/auth/cert index 966796a..9355af8 100755 --- a/tests/auth/cert +++ b/tests/auth/cert @@ -4,25 +4,28 @@ # # openssl genrsa 4096 > key.pem -openssl req -x509 -new -key key.pem -days 1825 -config default-openssl.cnf > \ +# Note that for glibc versions prior to 2.34 there is an issue on i686 with +# using certificates with expiration date beyond 2038. +# +openssl req -x509 -new -key key.pem -days 5475 -config default-openssl.cnf > \ default-cert.pem cat default-cert.pem | openssl x509 -sha256 -noout -fingerprint | \ sed -n 's/^SHA256 Fingerprint=\(.*\)$/\1/p' >default-cert-fp -openssl req -x509 -new -key key.pem -days 1825 -config mismatch-openssl.cnf > \ +openssl req -x509 -new -key key.pem -days 5475 -config mismatch-openssl.cnf > \ mismatch-cert.pem -openssl req -x509 -new -key key.pem -days 1825 -config noemail-openssl.cnf > \ +openssl req -x509 -new -key key.pem -days 5475 -config noemail-openssl.cnf > \ noemail-cert.pem -openssl req -x509 -new -key key.pem -days 1825 \ +openssl req -x509 -new -key key.pem -days 5475 \ -config subdomain-openssl.cnf > subdomain-cert.pem -openssl req -x509 -new -key key.pem -days 1825 -config self-openssl.cnf > \ +openssl req -x509 -new -key key.pem -days 5475 -config self-openssl.cnf > \ self-cert.pem -openssl req -x509 -new -key key.pem -days 1825 -config self-any-openssl.cnf > \ +openssl req -x509 -new -key key.pem -days 5475 -config self-any-openssl.cnf > \ self-any-cert.pem # Normally, you have no reason to regenerate expired-cert.pem, as need to keep @@ -33,7 +36,7 @@ openssl req -x509 -new -key key.pem -days 1825 -config self-any-openssl.cnf > \ # To regenerate the packages and signature manifest files run bpkg rep-create # command, for example: # -# ../../bpkg/bpkg rep-create ../rep-auth/expired --key key.pem +# bpkg rep-create ../rep-auth/expired --key key.pem # # We cannot do it in the testscript since the certificate has expired. This is # also the reason why we store these auto-generated manifests in git. |