diff options
| author | Rob Austein <sra@hactrn.net> | 2006-08-22 22:27:20 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2006-08-22 22:27:20 +0000 |
| commit | 17a030000ae7cf55e233d40f4da143087b67d894 (patch) | |
| tree | 22270c4e7fc6f4c00044bf9c345e88b51ab5b45e | |
| parent | 477a5c85a07475fccfdf86befa339bf678e53307 (diff) | |
# on 2006/08/09 19:18:00, sra did:
Haven't (further) broken it yet, but not quite working yet either.
svn path=/scripts/gen-verify-test.pl; revision=185
| -rw-r--r-- | scripts/gen-verify-test.pl | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/scripts/gen-verify-test.pl b/scripts/gen-verify-test.pl index c26d691b..34466b1c 100644 --- a/scripts/gen-verify-test.pl +++ b/scripts/gen-verify-test.pl @@ -12,18 +12,22 @@ open(F, "-|", "find", @ARGV, qw(-type f -name *.cer)) chomp(my @files = <F>); close(F); +# Convert files to PEM (openssl verify is lame) + +for (@files) { + my $f = $_; + s/\.cer$/.pem/; # This modifies @files + next if -f $_; + !system($openssl, qw(x509 -inform DER -in), $f, "-out", $_) + or die("Couldn't convert $f to PEM format: $!\n"); +} + my %aki; my %ski; -sub pem { - my $f = shift; - $f =~ s/\.cer$/.pem/; - return $f; -} - for my $f (@files) { my ($a, $s); - open(F, "-|", $openssl, qw(x509 -noout -inform DER -text -in), $f) + open(F, "-|", $openssl, qw(x509 -noout -text -in), $f) or die("Couldn't run openssl x509 on $f: $!\n"); while (<F>) { chomp; @@ -47,13 +51,9 @@ for my $f (@files) { # then build up and test full chains from that. for my $f (@files) { - my $pem = pem($f); - !system($openssl, qw(x509 -inform DER -in), $f, "-out", $pem) - or die("Couldn't convert $f to PEM format: $!\n") - unless (-f $pem); next unless ($aki{$f}); my @daddy = grep({ $ski{$_} eq $aki{$f} } @files); next unless (@daddy == 1); print("$openssl verify -verbose -issuer_checks \\\n\t-CAfile ", - pem($daddy[0]), " \\\n\t\t$pem\n"); + $daddy[0], " \\\n\t\t", $f, "\n"); } |