Correct fixed cert validity end date in oqsprovider testing

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28350)
2026-01-18 17:11:31 +01:00 · 2025-08-27 07:43:13 +02:00
parent c66d9760a7
commit 045a158e61
2 changed files with 60 additions and 0 deletions
--- a/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh
+++ b/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# Test openssl CA functionality using oqsprovider for alg $1
+
+if [ $# -ne 1 ]; then
+    echo "Usage: $0 <algorithmname>. Exiting."
+    exit 1
+fi
+
+if [ -z "$OPENSSL_APP" ]; then
+    echo "OPENSSL_APP env var not set. Exiting."
+    exit 1
+fi
+
+if [ -z "$OPENSSL_MODULES" ]; then
+    echo "Warning: OPENSSL_MODULES env var not set."
+fi
+
+if [ -z "$OPENSSL_CONF" ]; then
+    echo "Warning: OPENSSL_CONF env var not set."
+fi
+
+# Set OSX DYLD_LIBRARY_PATH if not already externally set
+if [ -z "$DYLD_LIBRARY_PATH" ]; then
+    export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
+fi
+
+echo "oqsprovider-ca.sh commencing..."
+
+#rm -rf tmp
+mkdir -p tmp && cd tmp
+rm -rf demoCA && mkdir -p demoCA/newcerts
+touch demoCA/index.txt
+echo '01' > demoCA/serial
+$OPENSSL_APP req -x509 -new -newkey $1 -keyout $1_rootCA.key -out $1_rootCA.crt -subj "/CN=test CA" -nodes
+
+if [ $? -ne 0 ]; then
+   echo "Failed to generate root CA. Exiting."
+   exit 1
+fi
+
+$OPENSSL_APP req -new -newkey $1 -keyout $1.key -out $1.csr -nodes -subj "/CN=test Server"
+
+if [ $? -ne 0 ]; then
+   echo "Failed to generate test server CSR. Exiting."
+   exit 1
+fi
+
+$OPENSSL_APP ca -batch -days 100 -keyfile $1_rootCA.key -cert $1_rootCA.crt -policy policy_anything -notext -out $1.crt -infiles $1.csr
+
+if [ $? -ne 0 ]; then
+   echo "Failed to generate server CRT. Exiting."
+   exit 1
+fi
+
+# Don't forget to use provider(s) when not activated via config file
+$OPENSSL_APP verify -CAfile $1_rootCA.crt $1.crt
+
--- a/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh
+++ b/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh
@@ -69,5 +69,7 @@ export OPENSSL_APP="$O_EXE/openssl"
 export OPENSSL_MODULES=$PWD/_build/lib
 export OQS_PROVIDER_TESTSCRIPTS=$SRCTOP/oqs-provider/scripts
 export OPENSSL_CONF=$OQS_PROVIDER_TESTSCRIPTS/openssl-ca.cnf
+# hotfix for wrong cert validity period
+cp $SRCTOP/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh $SRCTOP/oqs-provider/scripts/
 # Be verbose if harness is verbose:
 $SRCTOP/oqs-provider/scripts/runtests.sh -V