diff options
| -rw-r--r-- | myrpki/Makefile | 3 | ||||
| -rw-r--r-- | myrpki/verify-bpki.sh | 17 |
2 files changed, 20 insertions, 0 deletions
diff --git a/myrpki/Makefile b/myrpki/Makefile index d36a5906..4aaeb0b5 100644 --- a/myrpki/Makefile +++ b/myrpki/Makefile @@ -35,3 +35,6 @@ format: myrpki.xml graph: for b in bpki.myrpki bpki.rpkid bpki.pubd bpki.rootd; do python ../scripts/x509-dot.py $$b | dot -T ps2 | ps2pdf - $$b/graph.pdf; done + +verify: + sh verify-bpki.sh diff --git a/myrpki/verify-bpki.sh b/myrpki/verify-bpki.sh new file mode 100644 index 00000000..655807cb --- /dev/null +++ b/myrpki/verify-bpki.sh @@ -0,0 +1,17 @@ +#!/bin/sh - +# $Id$ +# +# Tests of generated BPKI certificates. + +find bpki.* -name '*.crl' | sed 's=^\(.*\)/\(.*\)$=echo -n "&: "; openssl crl -CAfile \1/ca.cer -noout -in &=' | sh + +find bpki.* -name '*.cer' ! -name 'ca.cer' ! -name '*.cacert.cer' | sed 's=^\(.*\)/.*$=openssl verify -CAfile \1/ca.cer &=' | sh + +# This won't work once there are more certs in the picture, but will +# suffice as an initial test of the pathlen-restricted +# cross-certification. + +for bpki in bpki.pubd bpki.rpkid +do + openssl verify -verbose -CAfile $bpki/ca.cer -untrusted $bpki/xcert.*.cer bpki.myrpki/bsc.*.cer +done |