Cleanup

svn path=/myrpki/verify-bpki.sh; revision=2758

1 files changed, 9 insertions, 9 deletions

diff --git a/myrpki/verify-bpki.sh b/myrpki/verify-bpki.sh
index 655807cb..432aa9c4 100755
--- a/myrpki/verify-bpki.sh
+++ b/myrpki/verify-bpki.sh
@@ -1,17 +1,17 @@
 #!/bin/sh -
 # $Id$
 #
-# Tests of generated BPKI certificates.
+# Tests of generated BPKI certificates.  This is kind of cheesy but
+# does test some of the basic stuff.
 
+# Check that CRLs verify properly
 find bpki.* -name '*.crl' | sed 's=^\(.*\)/\(.*\)$=echo -n "&: "; openssl crl -CAfile \1/ca.cer -noout -in &=' | sh
 
+# Check that issued certs verify properly
 find bpki.* -name '*.cer' ! -name 'ca.cer' ! -name '*.cacert.cer' | sed 's=^\(.*\)/.*$=openssl verify -CAfile \1/ca.cer &=' | sh
 
-# This won't work once there are more certs in the picture, but will
-# suffice as an initial test of the pathlen-restricted
-# cross-certification.
-
-for bpki in bpki.pubd bpki.rpkid
-do
-  openssl verify -verbose -CAfile $bpki/ca.cer -untrusted $bpki/xcert.*.cer bpki.myrpki/bsc.*.cer
-done
+# Attempt to check that cross-certified certs verify properly
+if test -d bpki.myirbe
+then
+    cat bpki.myirbe/xcert.*.cer | openssl verify -verbose -CAfile bpki.myirbe/ca.cer -untrusted /dev/stdin bpki.myrpki/bsc.*.cer
+fi