source: mod_gnutls/t/Makefile @ c25fc5d

Last change on this file since c25fc5d was c25fc5d, checked in by Daniel Kahn Gillmor <dkg@…>, 6 years ago

OpenPGP certificate needs either sign or encrypt capabilities

GnuTLS selects the OpenPGP certificate to use based on its
capabilities. For ciphersuites doing key exchange via DHE (and
ECDHE), it wants the cert to be marked as usable for signing. For
ciphersuites doing key exchange via RSA, it wants the key to be marked
as usable for encryption.

In our test suite, we'll mark the key as usable for signing.

  • Property mode set to 100644
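#!/usr/bin/make -f

# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

# run these tests to ensure that mod_gnutls can handle a range of
# simple configuration choices.

# Several recipes below redirect straight into $@ (private keys,
# certificates, exported keyrings).  Without this special target, a tool
# that fails half-way leaves an empty or truncated file that make then
# treats as up to date; with it, make deletes the target of a failed recipe.
.DELETE_ON_ERROR:

# Test endpoint.  Each value can be overridden from the environment or the
# make command line; the defaults keep the test server on loopback
# (localhost / ::1).
TEST_HOST ?= localhost
TEST_IP ?= ::1
# chosen at random:
TEST_PORT ?= 9932

# Presumably timing values read by the test scripts; their units are not
# visible in this file.
TEST_GAP ?= 1.5
TEST_QUERY_DELAY ?= 2

# Hand all of the above to every recipe through the environment.
export TEST_HOST TEST_IP TEST_PORT TEST_GAP TEST_QUERY_DELAY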
# Default goal: build the test PKI once (setup.done), then run the whole
# suite.
all: setup.done
	./runtests

# `make t-NAME` runs a single test: the full target name (t-NAME) is passed
# to ./runtests as its only argument.
t-%: setup.done
	./runtests t-$*
### for setting up a little miniature CA + server + client environment:
# One directory per identity; each one holds that identity's key material.
identities := server authority client imposter rogueca
# Files generated inside every identity directory.
tokens := x509.pem secring.gpg secret.key cert.pgp secret.pgp
# Cross product <identity>/<token>; setup.done depends on all of these.
all_tokens := $(foreach id,$(identities),$(addprefix $(id)/,$(tokens)))
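# Fill the test host name into the certificate templates and into the
# server's OpenPGP user ID.
#
# TEST_HOST is exported at the top of this file, so the shell reads it from
# the environment ("$$TEST_HOST") inside a quoted sed script.  Pasting
# $(TEST_HOST) unquoted into the command line lets whitespace or shell
# metacharacters in an overridden value be word-split or interpreted by the
# shell.  Characters that are special to sed (/ & and backslash) would still
# change the substitution; ordinary host names contain none of them.
%.template: %.template.in
	sed "s/__HOSTNAME__/$$TEST_HOST/" < $< > $@

server.uid: server.uid.in
	sed "s/__HOSTNAME__/$$TEST_HOST/" < $< > $@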
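# Generate an identity's private key.
#
# The identity directory is made owner-only first.  The key itself is
# written under umask 077 so the file is never group- or world-readable, and
# it goes to a temporary name that is renamed into place only after certtool
# has succeeded, so a failed or interrupted run cannot leave a truncated
# secret.key that make would consider up to date.
%/secret.key:
	mkdir -p $(@D)
	chmod 0700 $(@D)
	umask 077 && certtool --generate-privkey > $@.tmp
	mv -f $@.tmp $@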
# Build the identity's GnuPG keyring from its X.509 private key.
#   $< is <identity>.uid; its contents become the OpenPGP user ID.
# Step 1 removes any previous keyring files so the import starts clean.
# Step 2 converts secret.key with pem2openpgp (usage flags authenticate,
#        certify, sign) and imports the result into the identity's keyring.
#        PEM2OPENPGP_EXPIRATION=86400 presumably makes the key expire one
#        day after generation, in which case an old setup.done would leave
#        expired keys in place -- confirm, and `make clean` before re-running.
# Step 3 imports ownertrust value 6 (ultimate, in gpg's ownertrust format)
#        for the fingerprint of the secret key just imported.
# NOTE(review): the target name assumes gpg creates secring.gpg in
# GNUPGHOME; GnuPG 2.1 and later keep secret keys elsewhere -- confirm which
# gpg version the suite runs with.
%/secring.gpg: %.uid %/secret.key
	rm -f $(@D)/pubring.gpg $(@D)/secring.gpg $(@D)/trustdb.gpg
	PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign \
		pem2openpgp "$$(cat $<)" < $(@D)/secret.key \
		| GNUPGHOME=$(@D) gpg --import
	printf "%s:6:\n" "$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		| GNUPGHOME=$(@D) gpg --import-ownertrust
# Each of the three rules below looks up the fingerprint of the secret key
# in the identity's own keyring (field 10 of the `fpr:` record in gpg's
# colon listing) and uses it to select the key.

# gpg.conf: make that key the keyring's default-key.
%/gpg.conf: %/secring.gpg
	printf "default-key %s\n" \
		"$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@

# secret.pgp: ASCII-armored export of the secret key.  This is private key
# material; it is written into the identity directory, which the secret.key
# rule sets to mode 0700.
%/secret.pgp: %/secring.gpg
	GNUPGHOME=$(@D) gpg --armor --batch --no-tty --yes --export-secret-key \
		"$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@

# minimal.pgp: ASCII-armored export of the public key as it exists in the
# identity's own keyring.
%/minimal.pgp: %/secring.gpg
	GNUPGHOME=$(@D) gpg --armor --export \
		"$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@
# cert.pgp: the identity's public key carrying a signature made in the
# authority keyring.
#   1. import the identity's minimal.pgp ($<) into the authority keyring
#   2. sign that key there, non-interactively (authority/gpg.conf is a
#      prerequisite, so the authority's default-key is configured first)
#   3. export the signed key from the authority keyring into $@
# The key is always selected by the fingerprint found in the identity's own
# keyring.  This pattern is the only rule for cert.pgp, so every identity --
# imposter and rogueca included -- gets its OpenPGP key signed by authority.
# NOTE(review): every instance of this rule writes to the shared `authority`
# keyring; confirm nothing relies on running these recipes under `make -j`.
%/cert.pgp: %/minimal.pgp authority/gpg.conf
	GNUPGHOME=authority gpg --import $<
	GNUPGHOME=authority gpg --batch --sign-key --no-tty --yes \
		"$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
	GNUPGHOME=authority gpg --armor --export \
		"$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@
# special cases for the authorities' root certs:
# both CAs get a self-signed certificate made with their own private key.
# Being explicit rules, these win over the %/x509.pem pattern rule for the
# two CA identities.
#   $<            is the CA's template
#   $(word 2,$^)  is the CA's secret.key
authority/x509.pem: authority.template authority/secret.key
	certtool --generate-self-signed --load-privkey=$(word 2,$^) --template=$< > $@
rogueca/x509.pem: rogueca.template rogueca/secret.key
	certtool --generate-self-signed --load-privkey=$(word 2,$^) --template=$< > $@
# Certificate signing request for an identity, built from its template ($<)
# and its own private key.
%/cert-request: %.template %/secret.key
	certtool --generate-request \
		--load-privkey=$(@D)/secret.key \
		--template=$< \
		> $@

# Certificate for an identity, issued from its request and signed with the
# authority's certificate and private key.  Used for every identity that has
# no explicit x509.pem rule, which includes imposter.
%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
	certtool --generate-certificate \
		--load-ca-certificate=authority/x509.pem \
		--load-ca-privkey=authority/secret.key \
		--load-request=$(@D)/cert-request \
		--template=$< \
		> $@
# Stamp file: once every <identity>/<token> file exists, create the working
# directories and record that setup is complete.
setup.done: $(all_tokens)
	mkdir -p logs cache outputs
	touch $@
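# Remove what this Makefile generates.
# Identity directories are taken from $(identities), so imposter/ and
# rogueca/ are removed together with server/, client/ and authority/ and no
# generated private key or certificate survives a clean.  server.uid is
# generated from server.uid.in and is removed as well.
# NOTE(review): server.template is the only template removed; if other
# *.template files are generated from *.template.in they belong here too.
clean:
	rm -rf $(identities) logs cache outputs setup.done server.template server.uid

.PHONY: all clean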