diff options
| -rwxr-xr-x | myrpki/verify-bpki.sh | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/myrpki/verify-bpki.sh b/myrpki/verify-bpki.sh index 655807cb..432aa9c4 100755 --- a/myrpki/verify-bpki.sh +++ b/myrpki/verify-bpki.sh @@ -1,17 +1,17 @@ #!/bin/sh - # $Id$ # -# Tests of generated BPKI certificates. +# Tests of generated BPKI certificates. This is kind of cheesy but +# does test some of the basic stuff. +# Check that CRLs verify properly find bpki.* -name '*.crl' | sed 's=^\(.*\)/\(.*\)$=echo -n "&: "; openssl crl -CAfile \1/ca.cer -noout -in &=' | sh +# Check that issued certs verify properly find bpki.* -name '*.cer' ! -name 'ca.cer' ! -name '*.cacert.cer' | sed 's=^\(.*\)/.*$=openssl verify -CAfile \1/ca.cer &=' | sh -# This won't work once there are more certs in the picture, but will -# suffice as an initial test of the pathlen-restricted -# cross-certification. - -for bpki in bpki.pubd bpki.rpkid -do - openssl verify -verbose -CAfile $bpki/ca.cer -untrusted $bpki/xcert.*.cer bpki.myrpki/bsc.*.cer -done +# Attempt to check that cross-certified certs verify properly +if test -d bpki.myirbe +then + cat bpki.myirbe/xcert.*.cer | openssl verify -verbose -CAfile bpki.myirbe/ca.cer -untrusted /dev/stdin bpki.myrpki/bsc.*.cer +fi |