Fix generation of expired CA certificate.

Reviewed-by: N Richard Levitte <levitte@openssl.org>

Fix generation of expired CA certificate.
Reviewed-by: N Richard Levitte <levitte@openssl.org>
b58614d7 · Dr. Stephen Henson · 768a3eca · b58614d7 · b58614d7
隐藏空白更改
内联并排

Showing with 4 addition and 2 deletion

test/certs/mkcert.sh test/certs/mkcert.sh +3 -1

test/certs/setup.sh test/certs/setup.sh +1 -1

未找到文件。
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@@ -8,7 +8,9 @@

 # 100 years should be enough for now
 #
-DAYS=36525
+if [ -z "$DAYS" ]; then
+    DAYS=36525
+fi

 if [ -z "$OPENSSL_SIGALG" ]; then
    OPENSSL_SIGALG=sha256

--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -86,7 +86,7 @@ openssl x509 -in sroot-cert.pem -trustout \
 ./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert
 ./mkcert.sh genca "CA2" ca-key ca-name2 root-key root-cert
 ./mkcert.sh genca "CA" ca-key ca-root2 root-key2 root-cert2
-./mkcert.sh genca "CA" ca-key ca-expired root-key root-cert -days -1
+DAYS=-1 ./mkcert.sh genca "CA" ca-key ca-expired root-key root-cert
 #
 openssl x509 -in ca-cert.pem -trustout \
    -addtrust serverAuth -out ca+serverAuth.pem