mirror of
https://github.com/qemu/qemu.git
synced 2024-11-29 06:43:37 +08:00
tests: add more helper macros for creating TLS x509 certs
These macros are more suited to the general consumers of certs in the test suite, where we don't need to exercise every single possible permutation. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220426160048.812266-3-berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
This commit is contained in:
parent
c98ce274db
commit
5bc6364bfb
@ -26,6 +26,9 @@
|
||||
#include <libtasn1.h>
|
||||
|
||||
|
||||
#define QCRYPTO_TLS_TEST_CLIENT_NAME "ACME QEMU Client"
|
||||
#define QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME "ACME Hostile Client"
|
||||
|
||||
/*
|
||||
* This contains parameter about how to generate
|
||||
* certificates.
|
||||
@ -118,6 +121,56 @@ void test_tls_cleanup(const char *keyfile);
|
||||
}; \
|
||||
test_tls_generate_cert(&varname, NULL)
|
||||
|
||||
# define TLS_ROOT_REQ_SIMPLE(varname, fname) \
|
||||
QCryptoTLSTestCertReq varname = { \
|
||||
.filename = fname, \
|
||||
.cn = "qemu-CA", \
|
||||
.basicConstraintsEnable = true, \
|
||||
.basicConstraintsCritical = true, \
|
||||
.basicConstraintsIsCA = true, \
|
||||
.keyUsageEnable = true, \
|
||||
.keyUsageCritical = true, \
|
||||
.keyUsageValue = GNUTLS_KEY_KEY_CERT_SIGN, \
|
||||
}; \
|
||||
test_tls_generate_cert(&varname, NULL)
|
||||
|
||||
# define TLS_CERT_REQ_SIMPLE_CLIENT(varname, cavarname, cname, fname) \
|
||||
QCryptoTLSTestCertReq varname = { \
|
||||
.filename = fname, \
|
||||
.cn = cname, \
|
||||
.basicConstraintsEnable = true, \
|
||||
.basicConstraintsCritical = true, \
|
||||
.basicConstraintsIsCA = false, \
|
||||
.keyUsageEnable = true, \
|
||||
.keyUsageCritical = true, \
|
||||
.keyUsageValue = \
|
||||
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
|
||||
.keyPurposeEnable = true, \
|
||||
.keyPurposeCritical = true, \
|
||||
.keyPurposeOID1 = GNUTLS_KP_TLS_WWW_CLIENT, \
|
||||
}; \
|
||||
test_tls_generate_cert(&varname, cavarname.crt)
|
||||
|
||||
# define TLS_CERT_REQ_SIMPLE_SERVER(varname, cavarname, fname, \
|
||||
hostname, ipaddr) \
|
||||
QCryptoTLSTestCertReq varname = { \
|
||||
.filename = fname, \
|
||||
.cn = hostname ? hostname : ipaddr, \
|
||||
.altname1 = hostname, \
|
||||
.ipaddr1 = ipaddr, \
|
||||
.basicConstraintsEnable = true, \
|
||||
.basicConstraintsCritical = true, \
|
||||
.basicConstraintsIsCA = false, \
|
||||
.keyUsageEnable = true, \
|
||||
.keyUsageCritical = true, \
|
||||
.keyUsageValue = \
|
||||
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
|
||||
.keyPurposeEnable = true, \
|
||||
.keyPurposeCritical = true, \
|
||||
.keyPurposeOID1 = GNUTLS_KP_TLS_WWW_SERVER, \
|
||||
}; \
|
||||
test_tls_generate_cert(&varname, cavarname.crt)
|
||||
|
||||
extern const asn1_static_node pkix_asn1_tab[];
|
||||
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user