From b58614d7f5f98571b2c0bb2fb3df48f4b48a7e92 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 22 Jun 2016 18:09:42 +0100 Subject: [PATCH] Fix generation of expired CA certificate. Reviewed-by: Richard Levitte --- test/certs/mkcert.sh | 4 +++- test/certs/setup.sh | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh index 39e3a1e28c..ced08ea091 100755 --- a/test/certs/mkcert.sh +++ b/test/certs/mkcert.sh @@ -8,7 +8,9 @@ # 100 years should be enough for now # -DAYS=36525 +if [ -z "$DAYS" ]; then + DAYS=36525 +fi if [ -z "$OPENSSL_SIGALG" ]; then OPENSSL_SIGALG=sha256 diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 4eaf511ef4..b8c10863d3 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -86,7 +86,7 @@ openssl x509 -in sroot-cert.pem -trustout \ ./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert ./mkcert.sh genca "CA2" ca-key ca-name2 root-key root-cert ./mkcert.sh genca "CA" ca-key ca-root2 root-key2 root-cert2 -./mkcert.sh genca "CA" ca-key ca-expired root-key root-cert -days -1 +DAYS=-1 ./mkcert.sh genca "CA" ca-key ca-expired root-key root-cert # openssl x509 -in ca-cert.pem -trustout \ -addtrust serverAuth -out ca+serverAuth.pem -- 2.25.1