Closed pjdufour-dds closed 4 years ago
I was reviewing this and running through the Makefile examples when I hit an error. I ran `rm -rf temp/ && make test_cli` and got this output:
```
mkdir -p temp
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/C=US/O=Atlantis/OU=Atlantis Digital Service/CN=icebergca" -keyout temp/ca.key -out temp/ca.crt
Generating a RSA private key
.....................................................................................................................................................+++++
...................................+++++
writing new private key to 'temp/ca.key'
-----
echo '01' > temp/ca.srl
touch temp/index.txt
echo 'unique_subject = yes' > temp/index.txt.attr
mkdir -p temp
openssl genrsa -out temp/server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
......................................................+++++
...........+++++
e is 65537 (0x010001)
openssl req -new -key temp/server.key -subj "/C=US/O=Atlantis/OU=Atlantis Digital Service/CN=iceberglocal" -out temp/server.csr
openssl ca -config examples/conf/openssl.cnf -batch -notext -in temp/server.csr -out temp/server.crt
Using configuration from examples/conf/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Sep 3 22:11:23 2020 GMT
Not After : Sep 3 22:11:23 2021 GMT
Subject:
countryName = US
organizationName = Atlantis
organizationalUnitName = Atlantis Digital Service
commonName = iceberglocal
Certificate is to be certified until Sep 3 22:11:23 2021 GMT (365 days)
Write out database with 1 new entries
Data Base Updated
bash scripts/test-cli.sh
Using temporary directory at /var/folders/b5/2fhdzt3s19l41s4j63z1swjh0000gn/T/shunit.zyN6iB/tmp
Reading testdata from /Users/cgilmer/Projects/deptofdefense/iceberg/scripts/../testdata
testServe
ASSERT:unexpected output expected:<> but was:<iceberg: error initializing certificate revocation list: error loading CRL from file "temp/ca.crl.der": open temp/ca.crl.der: no such file or directory
Try iceberg --help for more information.>
shunit2:ERROR testServe() returned non-zero return code.
Tearing Down
Ran 1 test.
FAILED (failures=2)
Tearing Down
make: *** [test_cli] Error 1
```
Running `make crl` fixed this issue for me. I suggest one update: in the `Makefile`, line 35 should be updated to this:

```
test_cli: bin/iceberg temp/ca.crt temp/server.crt crl ## Run CLI tests
```

I refactored the `crl` make target, so it is run with `test_cli`. Added check for CRL format. Thanks for the review!

Closes https://github.com/deptofdefense/iceberg/issues/8
Adds the `--client-crl` and `--client-crl-format` command line flags and reworks the `Makefile` targets to support the full `openssl ca` workflow instead of just using `openssl x509`.
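
The failure in the log above comes from a missing `temp/ca.crl.der`. As an added example (not the project's Makefile or code), the script below builds a throwaway CA, issues an empty CRL with `openssl ca -gencrl`, converts it to DER, and checks that a CRL file exists in the expected encoding before anything tries to load it. The function names, the minimal config, and the `crlnumber` and `ca.crl.pem` file names are assumptions made for the example.

```shell
#!/bin/sh
# Added example; paths, file names and the minimal config are constructed.

# Build a throwaway CA in $1 and write an empty CRL as PEM and DER.
make_crl_der() {
  dir="$1"
  mkdir -p "$dir" || return 1
  # State files the `openssl ca` database expects.
  echo '01' > "$dir/crlnumber"
  : > "$dir/index.txt"
  cat > "$dir/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $dir/index.txt
crlnumber = $dir/crlnumber
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_crl_days = 30
EOF
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 -config "$dir/openssl.cnf" \
    -subj "/C=US/O=Atlantis/OU=Atlantis Digital Service/CN=icebergca" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  openssl ca -config "$dir/openssl.cnf" -gencrl \
    -out "$dir/ca.crl.pem" 2>/dev/null || return 1
  openssl crl -in "$dir/ca.crl.pem" -outform DER -out "$dir/ca.crl.der"
}

# Preflight: succeed only if $1 exists and is a CRL encoded as $2 (DER or PEM).
check_crl() {
  file="$1"; format="$2"
  [ -f "$file" ] || { echo "missing CRL: $file" >&2; return 1; }
  case "$format" in
    # DER starts with the ASN.1 SEQUENCE tag 0x30.
    DER) [ "$(od -An -tx1 -N1 "$file" | tr -d ' \n')" = "30" ] || return 1 ;;
    PEM) grep -q '^-----BEGIN X509 CRL-----' "$file" || return 1 ;;
    *) echo "unknown CRL format: $format" >&2; return 1 ;;
  esac
  openssl crl -inform "$format" -in "$file" -noout 2>/dev/null
}
```

Running `check_crl` as a prerequisite step turns a missing or wrongly encoded CRL into an explicit build failure instead of a startup error inside the test.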