1178825Sdfr#!/bin/sh 2178825Sdfr# 3233294Sstas# Copyright (c) 2006 - 2007 Kungliga Tekniska H��gskolan 4178825Sdfr# (Royal Institute of Technology, Stockholm, Sweden). 5178825Sdfr# All rights reserved. 6178825Sdfr# 7178825Sdfr# Redistribution and use in source and binary forms, with or without 8178825Sdfr# modification, are permitted provided that the following conditions 9178825Sdfr# are met: 10178825Sdfr# 11178825Sdfr# 1. Redistributions of source code must retain the above copyright 12178825Sdfr# notice, this list of conditions and the following disclaimer. 13178825Sdfr# 14178825Sdfr# 2. Redistributions in binary form must reproduce the above copyright 15178825Sdfr# notice, this list of conditions and the following disclaimer in the 16178825Sdfr# documentation and/or other materials provided with the distribution. 17178825Sdfr# 18178825Sdfr# 3. Neither the name of the Institute nor the names of its contributors 19178825Sdfr# may be used to endorse or promote products derived from this software 20178825Sdfr# without specific prior written permission. 21178825Sdfr# 22178825Sdfr# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 23178825Sdfr# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24178825Sdfr# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25178825Sdfr# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 26178825Sdfr# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27178825Sdfr# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28178825Sdfr# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29178825Sdfr# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30178825Sdfr# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31178825Sdfr# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32178825Sdfr# SUCH DAMAGE. 33178825Sdfr# 34233294Sstas# $Id$ 35178825Sdfr# 36178825Sdfr 37178825Sdfrsrcdir="@srcdir@" 38178825Sdfrobjdir="@objdir@" 39178825Sdfr 40178825Sdfrstat="--statistic-file=${objdir}/statfile" 41178825Sdfr 42178825Sdfrhxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}" 43178825Sdfr 44178825Sdfrif ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then 45178825Sdfr exit 77 46178825Sdfrfi 47178825Sdfrif ${hxtool} info | grep 'rand: not available' > /dev/null ; then 48178825Sdfr exit 77 49178825Sdfrfi 50178825Sdfr 51178825Sdfrecho "create certificate request" 52178825Sdfr${hxtool} request-create \ 53178825Sdfr --subject="CN=Love,DC=it,DC=su,DC=se" \ 54178825Sdfr --key=FILE:$srcdir/data/key.der \ 55178825Sdfr pkcs10-request.der || exit 1 56178825Sdfr 57178825Sdfrecho "issue certificate" 58178825Sdfr${hxtool} issue-certificate \ 59178825Sdfr --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 60178825Sdfr --subject="cn=foo" \ 61178825Sdfr --req="PKCS10:pkcs10-request.der" \ 62178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 63178825Sdfr 64178825Sdfrecho "verify certificate" 65178825Sdfr${hxtool} verify --missing-revoke \ 66178825Sdfr cert:FILE:cert-ee.pem \ 67178825Sdfr anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1 68178825Sdfr 69178825Sdfrecho "issue crl (no cert)" 70178825Sdfr${hxtool} crl-sign \ 71178825Sdfr --crl-file=crl.crl \ 72178825Sdfr --signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key || exit 1 73178825Sdfr 74178825Sdfrecho "verify certificate (with CRL)" 75178825Sdfr${hxtool} verify \ 76178825Sdfr cert:FILE:cert-ee.pem \ 77178825Sdfr crl:FILE:crl.crl \ 78178825Sdfr anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1 79178825Sdfr 80178825Sdfrecho "issue crl (with cert)" 81178825Sdfr${hxtool} crl-sign \ 82178825Sdfr --crl-file=crl.crl \ 83178825Sdfr --signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 84178825Sdfr FILE:cert-ee.pem || exit 1 85178825Sdfr 86178825Sdfrecho "verify certificate (included in CRL)" 87178825Sdfr${hxtool} verify \ 88178825Sdfr cert:FILE:cert-ee.pem \ 89178825Sdfr crl:FILE:crl.crl \ 90178825Sdfr anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1 91178825Sdfr 92178825Sdfrecho "issue crl (with cert)" 93178825Sdfr${hxtool} crl-sign \ 94178825Sdfr --crl-file=crl.crl \ 95178825Sdfr --lifetime='1 month' \ 96178825Sdfr --signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 97178825Sdfr FILE:cert-ee.pem || exit 1 98178825Sdfr 99178825Sdfrecho "verify certificate (included in CRL, and lifetime 1 month)" 100178825Sdfr${hxtool} verify \ 101178825Sdfr cert:FILE:cert-ee.pem \ 102178825Sdfr crl:FILE:crl.crl \ 103178825Sdfr anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1 104178825Sdfr 105178825Sdfrecho "issue certificate (10years 1 month)" 106178825Sdfr${hxtool} issue-certificate \ 107178825Sdfr --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 108178825Sdfr --subject="cn=foo" \ 109178825Sdfr --lifetime="10years 1 month" \ 110178825Sdfr --req="PKCS10:pkcs10-request.der" \ 111178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 112178825Sdfr 113178825Sdfrecho "issue certificate (with https ekus)" 114178825Sdfr${hxtool} issue-certificate \ 115178825Sdfr --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 116178825Sdfr --subject="cn=foo" \ 117178825Sdfr --type="https-server" \ 118178825Sdfr --type="https-client" \ 119178825Sdfr --req="PKCS10:pkcs10-request.der" \ 120178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 121178825Sdfr 122178825Sdfrecho "issue certificate (pkinit KDC)" 123178825Sdfr${hxtool} issue-certificate \ 124178825Sdfr --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 125178825Sdfr --subject="cn=foo" \ 126178825Sdfr --type="pkinit-kdc" \ 127178825Sdfr --pk-init-principal="krbtgt/TEST.H5L.SE@TEST.H5L.SE" \ 128178825Sdfr --req="PKCS10:pkcs10-request.der" \ 129178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 130178825Sdfr 131178825Sdfrecho "issue certificate (pkinit client)" 132178825Sdfr${hxtool} issue-certificate \ 133178825Sdfr --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 134178825Sdfr --subject="cn=foo" \ 135178825Sdfr --type="pkinit-client" \ 136178825Sdfr --pk-init-principal="lha@TEST.H5L.SE" \ 137178825Sdfr --req="PKCS10:pkcs10-request.der" \ 138178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 139178825Sdfr 140178825Sdfrecho "issue certificate (hostnames)" 141178825Sdfr${hxtool} issue-certificate \ 142178825Sdfr --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 143178825Sdfr --subject="cn=foo" \ 144178825Sdfr --type="https-server" \ 145178825Sdfr --hostname="www.test.h5l.se" \ 146178825Sdfr --hostname="ftp.test.h5l.se" \ 147178825Sdfr --req="PKCS10:pkcs10-request.der" \ 148178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 149178825Sdfr 150178825Sdfrecho "verify certificate hostname (ok)" 151178825Sdfr${hxtool} verify --missing-revoke \ 152178825Sdfr --hostname=www.test.h5l.se \ 153178825Sdfr cert:FILE:cert-ee.pem \ 154178825Sdfr anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1 155178825Sdfr 156178825Sdfrecho "verify certificate hostname (fail)" 157178825Sdfr${hxtool} verify --missing-revoke \ 158178825Sdfr --hostname=www2.test.h5l.se \ 159178825Sdfr cert:FILE:cert-ee.pem \ 160178825Sdfr anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1 161178825Sdfr 162178825Sdfrecho "verify certificate hostname (fail)" 163178825Sdfr${hxtool} verify --missing-revoke \ 164178825Sdfr --hostname=2www.test.h5l.se \ 165178825Sdfr cert:FILE:cert-ee.pem \ 166178825Sdfr anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1 167178825Sdfr 168178825Sdfrecho "issue certificate (hostname in CN)" 169178825Sdfr${hxtool} issue-certificate \ 170178825Sdfr --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 171178825Sdfr --subject="cn=www.test.h5l.se" \ 172178825Sdfr --type="https-server" \ 173178825Sdfr --req="PKCS10:pkcs10-request.der" \ 174178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 175178825Sdfr 176178825Sdfrecho "verify certificate hostname (ok)" 177178825Sdfr${hxtool} verify --missing-revoke \ 178178825Sdfr --hostname=www.test.h5l.se \ 179178825Sdfr cert:FILE:cert-ee.pem \ 180178825Sdfr anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1 181178825Sdfr 182178825Sdfrecho "verify certificate hostname (fail)" 183178825Sdfr${hxtool} verify --missing-revoke \ 184178825Sdfr --hostname=www2.test.h5l.se \ 185178825Sdfr cert:FILE:cert-ee.pem \ 186178825Sdfr anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1 187178825Sdfr 188178825Sdfrecho "issue certificate (email)" 189178825Sdfr${hxtool} issue-certificate \ 190178825Sdfr --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 191178825Sdfr --subject="cn=foo" \ 192178825Sdfr --email="lha@test.h5l.se" \ 193178825Sdfr --email="test@test.h5l.se" \ 194178825Sdfr --req="PKCS10:pkcs10-request.der" \ 195178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 196178825Sdfr 197178825Sdfrecho "issue certificate (email, null subject DN)" 198178825Sdfr${hxtool} issue-certificate \ 199178825Sdfr --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 200178825Sdfr --subject="" \ 201178825Sdfr --email="lha@test.h5l.se" \ 202178825Sdfr --req="PKCS10:pkcs10-request.der" \ 203178825Sdfr --certificate="FILE:cert-null.pem" || exit 1 204178825Sdfr 205178825Sdfrecho "issue certificate (jabber)" 206178825Sdfr${hxtool} issue-certificate \ 207178825Sdfr --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 208178825Sdfr --subject="cn=foo" \ 209178825Sdfr --jid="lha@test.h5l.se" \ 210178825Sdfr --req="PKCS10:pkcs10-request.der" \ 211178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 212178825Sdfr 213178825Sdfrecho "issue self-signed cert" 214178825Sdfr${hxtool} issue-certificate \ 215178825Sdfr --self-signed \ 216178825Sdfr --ca-private-key=FILE:$srcdir/data/key.der \ 217178825Sdfr --subject="cn=test" \ 218178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 219178825Sdfr 220178825Sdfrecho "issue ca cert" 221178825Sdfr${hxtool} issue-certificate \ 222178825Sdfr --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 223178825Sdfr --issue-ca \ 224178825Sdfr --subject="cn=ca-cert" \ 225178825Sdfr --req="PKCS10:pkcs10-request.der" \ 226178825Sdfr --certificate="FILE:cert-ca.der" || exit 1 227178825Sdfr 228178825Sdfrecho "issue self-signed ca cert" 229178825Sdfr${hxtool} issue-certificate \ 230178825Sdfr --self-signed \ 231178825Sdfr --issue-ca \ 232178825Sdfr --ca-private-key=FILE:$srcdir/data/key.der \ 233178825Sdfr --subject="cn=ca-root" \ 234178825Sdfr --certificate="FILE:cert-ca.der" || exit 1 235178825Sdfr 236178825Sdfrecho "issue proxy certificate" 237178825Sdfr${hxtool} issue-certificate \ 238178825Sdfr --ca-certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ 239178825Sdfr --issue-proxy \ 240178825Sdfr --req="PKCS10:pkcs10-request.der" \ 241178825Sdfr --certificate="FILE:cert-proxy.der" || exit 1 242178825Sdfr 243178825Sdfrecho "verify proxy cert" 244178825Sdfr${hxtool} verify --missing-revoke \ 245178825Sdfr --allow-proxy-certificate \ 246178825Sdfr cert:FILE:cert-proxy.der \ 247178825Sdfr chain:FILE:$srcdir/data/test.crt \ 248178825Sdfr anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1 249178825Sdfr 250178825Sdfrecho "issue ca cert (generate rsa key)" 251178825Sdfr${hxtool} issue-certificate \ 252178825Sdfr --self-signed \ 253178825Sdfr --issue-ca \ 254178825Sdfr --serial-number="deadbeaf" \ 255178825Sdfr --generate-key=rsa \ 256178825Sdfr --path-length=-1 \ 257178825Sdfr --subject="cn=ca2-cert" \ 258178825Sdfr --certificate="FILE:cert-ca.pem" || exit 1 259178825Sdfr 260178825Sdfrecho "issue sub-ca cert (generate rsa key)" 261178825Sdfr${hxtool} issue-certificate \ 262178825Sdfr --ca-certificate=FILE:cert-ca.pem \ 263178825Sdfr --issue-ca \ 264178825Sdfr --serial-number="deadbeaf22" \ 265178825Sdfr --generate-key=rsa \ 266178825Sdfr --subject="cn=sub-ca2-cert" \ 267178825Sdfr --certificate="FILE:cert-sub-ca.pem" || exit 1 268178825Sdfr 269178825Sdfrecho "issue ee cert (generate rsa key)" 270178825Sdfr${hxtool} issue-certificate \ 271178825Sdfr --ca-certificate=FILE:cert-ca.pem \ 272178825Sdfr --generate-key=rsa \ 273178825Sdfr --subject="cn=cert-ee2" \ 274178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 275178825Sdfr 276178825Sdfrecho "issue sub-ca ee cert (generate rsa key)" 277178825Sdfr${hxtool} issue-certificate \ 278178825Sdfr --ca-certificate=FILE:cert-sub-ca.pem \ 279178825Sdfr --generate-key=rsa \ 280178825Sdfr --subject="cn=cert-sub-ee2" \ 281178825Sdfr --certificate="FILE:cert-sub-ee.pem" || exit 1 282178825Sdfr 283178825Sdfrecho "verify certificate (ee)" 284178825Sdfr${hxtool} verify --missing-revoke \ 285178825Sdfr cert:FILE:cert-ee.pem \ 286178825Sdfr anchor:FILE:cert-ca.pem > /dev/null || exit 1 287178825Sdfr 288178825Sdfrecho "verify certificate (sub-ee)" 289178825Sdfr${hxtool} verify --missing-revoke \ 290178825Sdfr cert:FILE:cert-sub-ee.pem \ 291178825Sdfr chain:FILE:cert-sub-ca.pem \ 292178825Sdfr anchor:FILE:cert-ca.pem || exit 1 293178825Sdfr 294178825Sdfrecho "sign CMS signature (generate key)" 295178825Sdfr${hxtool} cms-create-sd \ 296178825Sdfr --certificate=FILE:cert-ee.pem \ 297178825Sdfr "$srcdir/test_name.c" \ 298178825Sdfr sd.data > /dev/null || exit 1 299178825Sdfr 300178825Sdfrecho "verify CMS signature (generate key)" 301178825Sdfr${hxtool} cms-verify-sd \ 302178825Sdfr --missing-revoke \ 303178825Sdfr --anchors=FILE:cert-ca.pem \ 304178825Sdfr sd.data sd.data.out > /dev/null || exit 1 305178825Sdfrcmp "$srcdir/test_name.c" sd.data.out || exit 1 306178825Sdfr 307178825Sdfrecho "extend ca cert" 308178825Sdfr${hxtool} issue-certificate \ 309178825Sdfr --self-signed \ 310178825Sdfr --issue-ca \ 311178825Sdfr --lifetime="2years" \ 312178825Sdfr --serial-number="deadbeaf" \ 313178825Sdfr --ca-private-key=FILE:cert-ca.pem \ 314178825Sdfr --subject="cn=ca2-cert" \ 315178825Sdfr --certificate="FILE:cert-ca.pem" || exit 1 316178825Sdfr 317178825Sdfrecho "verify certificate generated by previous ca" 318178825Sdfr${hxtool} verify --missing-revoke \ 319178825Sdfr cert:FILE:cert-ee.pem \ 320178825Sdfr anchor:FILE:cert-ca.pem > /dev/null || exit 1 321178825Sdfr 322178825Sdfrecho "extend ca cert (template)" 323178825Sdfr${hxtool} issue-certificate \ 324178825Sdfr --self-signed \ 325178825Sdfr --issue-ca \ 326178825Sdfr --lifetime="3years" \ 327178825Sdfr --template-certificate="FILE:cert-ca.pem" \ 328178825Sdfr --template-fields="serialNumber,notBefore,subject" \ 329178825Sdfr --path-length=-1 \ 330178825Sdfr --ca-private-key=FILE:cert-ca.pem \ 331178825Sdfr --certificate="FILE:cert-ca.pem" || exit 1 332178825Sdfr 333178825Sdfrecho "verify certificate generated by previous ca" 334178825Sdfr${hxtool} verify --missing-revoke \ 335178825Sdfr cert:FILE:cert-ee.pem \ 336178825Sdfr anchor:FILE:cert-ca.pem > /dev/null || exit 1 337178825Sdfr 338178825Sdfrecho "extend sub-ca cert (template)" 339178825Sdfr${hxtool} issue-certificate \ 340178825Sdfr --ca-certificate=FILE:cert-ca.pem \ 341178825Sdfr --issue-ca \ 342178825Sdfr --lifetime="2years" \ 343178825Sdfr --template-certificate="FILE:cert-sub-ca.pem" \ 344178825Sdfr --template-fields="serialNumber,notBefore,subject,SPKI" \ 345178825Sdfr --certificate="FILE:cert-sub-ca2.pem" || exit 1 346178825Sdfr 347178825Sdfrecho "verify certificate (sub-ee) with extended chain" 348178825Sdfr${hxtool} verify --missing-revoke \ 349178825Sdfr cert:FILE:cert-sub-ee.pem \ 350178825Sdfr chain:FILE:cert-sub-ca.pem \ 351178825Sdfr anchor:FILE:cert-ca.pem > /dev/null || exit 1 352178825Sdfr 353178825Sdfrecho "+++++++++++ test basic constraints" 354178825Sdfr 355178825Sdfrecho "extend ca cert (too low path-length constraint)" 356178825Sdfr${hxtool} issue-certificate \ 357178825Sdfr --self-signed \ 358178825Sdfr --issue-ca \ 359178825Sdfr --lifetime="3years" \ 360178825Sdfr --template-certificate="FILE:cert-ca.pem" \ 361178825Sdfr --template-fields="serialNumber,notBefore,subject" \ 362178825Sdfr --path-length=0 \ 363178825Sdfr --ca-private-key=FILE:cert-ca.pem \ 364178825Sdfr --certificate="FILE:cert-ca.pem" || exit 1 365178825Sdfr 366178825Sdfrecho "verify failure of certificate (sub-ee) with path-length constraint" 367178825Sdfr${hxtool} verify --missing-revoke \ 368178825Sdfr cert:FILE:cert-sub-ee.pem \ 369178825Sdfr chain:FILE:cert-sub-ca.pem \ 370178825Sdfr anchor:FILE:cert-ca.pem > /dev/null && exit 1 371178825Sdfr 372178825Sdfrecho "extend ca cert (exact path-length constraint)" 373178825Sdfr${hxtool} issue-certificate \ 374178825Sdfr --self-signed \ 375178825Sdfr --issue-ca \ 376178825Sdfr --lifetime="3years" \ 377178825Sdfr --template-certificate="FILE:cert-ca.pem" \ 378178825Sdfr --template-fields="serialNumber,notBefore,subject" \ 379178825Sdfr --path-length=1 \ 380178825Sdfr --ca-private-key=FILE:cert-ca.pem \ 381178825Sdfr --certificate="FILE:cert-ca.pem" || exit 1 382178825Sdfr 383178825Sdfrecho "verify certificate (sub-ee) with exact path-length constraint" 384178825Sdfr${hxtool} verify --missing-revoke \ 385178825Sdfr cert:FILE:cert-sub-ee.pem \ 386178825Sdfr chain:FILE:cert-sub-ca.pem \ 387178825Sdfr anchor:FILE:cert-ca.pem > /dev/null || exit 1 388178825Sdfr 389178825Sdfrecho "Check missing basicConstrants.isCa" 390178825Sdfr${hxtool} issue-certificate \ 391178825Sdfr --ca-certificate=FILE:cert-ca.pem \ 392178825Sdfr --lifetime="2years" \ 393178825Sdfr --template-certificate="FILE:cert-sub-ca.pem" \ 394178825Sdfr --template-fields="serialNumber,notBefore,subject,SPKI" \ 395178825Sdfr --certificate="FILE:cert-sub-ca2.pem" || exit 1 396178825Sdfr 397178825Sdfrecho "verify failure certificate (sub-ee) with missing isCA" 398178825Sdfr${hxtool} verify --missing-revoke \ 399178825Sdfr cert:FILE:cert-sub-ee.pem \ 400178825Sdfr chain:FILE:cert-sub-ca2.pem \ 401178825Sdfr anchor:FILE:cert-ca.pem > /dev/null && exit 1 402178825Sdfr 403178825Sdfrecho "issue ee cert (crl uri)" 404178825Sdfr${hxtool} issue-certificate \ 405178825Sdfr --ca-certificate=FILE:cert-ca.pem \ 406178825Sdfr --req="PKCS10:pkcs10-request.der" \ 407178825Sdfr --crl-uri="http://www.test.h5l.se/crl1.crl" \ 408178825Sdfr --subject="cn=cert-ee-crl-uri" \ 409178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 410178825Sdfr 411178825Sdfrecho "issue null subject cert" 412178825Sdfr${hxtool} issue-certificate \ 413178825Sdfr --ca-certificate=FILE:cert-ca.pem \ 414178825Sdfr --req="PKCS10:pkcs10-request.der" \ 415178825Sdfr --subject="" \ 416178825Sdfr --email="lha@test.h5l.se" \ 417178825Sdfr --certificate="FILE:cert-ee.pem" || exit 1 418178825Sdfr 419178825Sdfrecho "verify certificate null subject" 420178825Sdfr${hxtool} verify --missing-revoke \ 421178825Sdfr cert:FILE:cert-ee.pem \ 422178825Sdfr anchor:FILE:cert-ca.pem > /dev/null || exit 1 423178825Sdfr 424178825Sdfrexit 0 425