# The directory with tools, defaulting to ../tool in the git base
# Note that testdata is meant for developers, so assuming git is usually the best
#
-TOOLDIR ?= $(shell pwd)/../tool
+TOOLDIR ?= $(shell pwd)/../build/tool
#
# Load a few things from tlspool.conf; these are assumed present while testing
$(CERTTOOL) --pgp-certificate-info --infile $@ --inraw --outfile $(@:.pgp=.asc)
# Key 3: X.509 Client Certificate
-tlspool-test-client-cert.der: tlspool-test-client-cert.template
+tlspool-test-client-cert.der: tlspool-test-client-cert.template tlspool-test-ca-cert.der
echo Using PRIVKEY3, '$(PRIVKEY3)'
- $(CERTTOOL) --outfile $@ --outder --generate-self-signed --load-privkey='$(PRIVKEY3)' --template=$<
+ $(CERTTOOL) --outfile $@ --outder --generate-certificate --load-ca-certificate=tlspool-test-ca-cert.pem --load-ca-privkey='$(PRIVKEY5)' --load-privkey='$(PRIVKEY3)' --template=$<
$(CERTTOOL) --certificate-info --infile $@ --inder --outfile $(@:.der=.pem)
# Key 4: X.509 Server Certificate with user@ domain name
-tlspool-test-server-cert.der: tlspool-test-server-cert.template
+tlspool-test-server-cert.der: tlspool-test-server-cert.template tlspool-test-ca-cert.der
echo Using PRIVKEY4, '$(PRIVKEY4)'
- $(CERTTOOL) --outfile $@ --outder --generate-self-signed --load-privkey='$(PRIVKEY4)' --template=$<
+ $(CERTTOOL) --outfile $@ --outder --generate-certificate --load-ca-certificate=tlspool-test-ca-cert.pem --load-ca-privkey='$(PRIVKEY5)' --load-privkey='$(PRIVKEY4)' --template=$<
$(CERTTOOL) --certificate-info --infile $@ --inder --outfile $(@:.der=.pem)
# Key 5: Test CA (for chained certificates)
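Review bot: The new recipes read `tlspool-test-ca-cert.pem`, but the prerequisite added to each rule is `tlspool-test-ca-cert.der`, so make never checks that the file actually passed to `--load-ca-certificate` exists or is current. The .pem appears to be written only as a by-product of the CA rule's `--certificate-info` step; if that step fails, or the .pem is removed while the .der stays, the client and server rules here (and the webhost and playground rules in the next hunk) either fail or sign against a stale CA certificate. Tie the argument to the declared prerequisite, for example `--load-ca-certificate=$(patsubst %.der,%.pem,$(word 2,$^))`, or make the .pem a target of its own and depend on that instead. The `echo Using PRIVKEY3` style lines could also name `$(PRIVKEY5)`, since the CA key now signs every one of these certificates and the log otherwise hides which key was used.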
$(CERTTOOL) --certificate-info --infile $@ --inder --outfile $(@:.der=.pem)
# Key 7: X.509 Server Certificate with just a host name
-tlspool-test-webhost-cert.der: tlspool-test-webhost-cert.template
+tlspool-test-webhost-cert.der: tlspool-test-webhost-cert.template tlspool-test-ca-cert.der
echo Using PRIVKEY7, '$(PRIVKEY7)'
- $(CERTTOOL) --outfile $@ --outder --generate-self-signed --load-privkey='$(PRIVKEY7)' --template=$<
+ $(CERTTOOL) --outfile $@ --outder --generate-certificate --load-ca-certificate=tlspool-test-ca-cert.pem --load-ca-privkey='$(PRIVKEY5)' --load-privkey='$(PRIVKEY7)' --template=$<
# Key 8: X.509 Server Certificate with just a host name
-tlspool-test-playground-cert.der: tlspool-test-playground-cert.template
+tlspool-test-playground-cert.der: tlspool-test-playground-cert.template tlspool-test-ca-cert.der
echo Using PRIVKEY8, '$(PRIVKEY8)'
- $(CERTTOOL) --outfile $@ --outder --generate-self-signed --load-privkey='$(PRIVKEY8)' --template=$<
+ $(CERTTOOL) --outfile $@ --outder --generate-certificate --load-ca-certificate=tlspool-test-ca-cert.pem --load-ca-privkey='$(PRIVKEY5)' --load-privkey='$(PRIVKEY8)' --template=$<
# Turn a .der into a .keyid
# country = GR
# The common name of the certificate owner.
-cn = "TLS Pool Test X.509 Server"
+cn = "TLS Pool Test X.509 Playground Server"
# A user id of the certificate owner.
#uid = "clauper"
# Whether this certificate will be used for a TLS server
tls_www_server
-# Whether this certificate will be used to sign data (needed
-# in TLS DHE ciphersuites).
-signing_key
-
-# Whether this certificate will be used to encrypt data (needed
-# in TLS RSA ciphersuites). Note that it is preferred to use different
-# keys for encryption and signing.
-encryption_key
-
# Whether this key will be used to sign other certificates.
# cert_signing_key
#code_signing_key
# Whether this key will be used to sign OCSP data.
-ocsp_signing_key
+#ocsp_signing_key
# Whether this key will be used for time stamping.
#time_stamping_key
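Review bot: No key-usage directive appears in the visible part of the template after this change: `signing_key` and `encryption_key` are dropped and `tls_www_server` is the only active usage line shown, so certtool will presumably issue the certificate without a keyUsage extension at all. Such a certificate is treated as unrestricted rather than rejected, which means tests run against it never exercise key-usage enforcement, and the fixture differs from what a CA would normally issue for a TLS server. If the aim was to stop one key being marked for both signing and encryption, keeping `signing_key` alone would still cover DHE-style suites. Commenting out `ocsp_signing_key` is the right call for a leaf server certificate; the webhost template in the following hunk has the same change and the same gap.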
# country = GR
# The common name of the certificate owner.
-cn = "TLS Pool Test X.509 Server"
+cn = "TLS Pool Test X.509 Webhost Server"
# A user id of the certificate owner.
#uid = "clauper"
# Whether this certificate will be used for a TLS server
tls_www_server
-# Whether this certificate will be used to sign data (needed
-# in TLS DHE ciphersuites).
-signing_key
-
-# Whether this certificate will be used to encrypt data (needed
-# in TLS RSA ciphersuites). Note that it is preferred to use different
-# keys for encryption and signing.
-encryption_key
-
# Whether this key will be used to sign other certificates.
# cert_signing_key
#code_signing_key
# Whether this key will be used to sign OCSP data.
-ocsp_signing_key
+#ocsp_signing_key
# Whether this key will be used for time stamping.
#time_stamping_key