# on 2006/08/11 23:29:13, sra did:

Turn on certificate policy checking. svn path=/scripts/gen-verify-test.pl; revision=205
author: Rob Austein <sra@hactrn.net> 2006-08-22 22:29:34 +0000
committer: Rob Austein <sra@hactrn.net> 2006-08-22 22:29:34 +0000
commit: be77fd772f0c179bccee81da94cd5fe8fc3483f4 (patch)
tree: 128a535f4bc436ba8a85d95024e64c6ff0b0d60b /scripts
parent: e0d3a96f10a64d3efc1e54180642dbd58a38c27e (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/scripts/gen-verify-test.pl b/scripts/gen-verify-test.pl
index 3dd6b350..615f51d2 100644
--- a/scripts/gen-verify-test.pl
+++ b/scripts/gen-verify-test.pl
@@ -7,9 +7,11 @@ use strict;
 
 my $openssl = "/u/sra/isc/route-pki/subvert-rpki.hactrn.net/openssl/trunk/apps/openssl";
 
+my $verify_options = "-verbose -crl_check_all -policy_check -explicit_policy -policy_print -policy 1.3.6.1.5.5.7.14.2 -x509_strict";
+
 my $verbose = 1;
 
-my $debug = 0;
+my $debug = $ENV{DEBUG};
 
 exit unless (@ARGV);
 
@@ -97,6 +99,6 @@ for my $f (@files) {
     print("$openssl crl  -inform DER -outform PEM >>CAfile.pem -in $_\n")
 	foreach (@crls);
     print("$openssl x509 -inform DER -outform PEM -out cert-in-hand.pem -in $f\n",
-	  "$openssl verify -verbose -CAfile CAfile.pem -crl_check_all cert-in-hand.pem\n",
+	  "$openssl verify -CAfile CAfile.pem $verify_options cert-in-hand.pem\n",
 	  "rm -f CAfile.pem cert-in-hand.pem\n");
 }
author	Rob Austein <sra@hactrn.net>	2006-08-22 22:29:34 +0000
committer	Rob Austein <sra@hactrn.net>	2006-08-22 22:29:34 +0000
commit	be77fd772f0c179bccee81da94cd5fe8fc3483f4 (patch)
tree	128a535f4bc436ba8a85d95024e64c6ff0b0d60b /scripts
parent	e0d3a96f10a64d3efc1e54180642dbd58a38c27e (diff)