Revision 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e authored by Matt Caswell on 04 June 2015, 10:41:30 UTC, committed by Matt Caswell on 04 June 2015, 10:44:39 UTC
Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org>
1 parent 3610719
testca
#!/bin/sh
SH="/bin/sh"
if test "$OSTYPE" = msdosdjgpp; then
PATH="../apps\;$PATH"
else
PATH="../apps:$PATH"
fi
export SH PATH
SSLEAY_CONFIG="-config CAss.cnf"
export SSLEAY_CONFIG
OPENSSL="`pwd`/../util/opensslwrap.sh"
export OPENSSL
/bin/rm -fr demoCA
$SH ../apps/CA.sh -newca <<EOF
EOF
if [ $? != 0 ]; then
exit 1;
fi
SSLEAY_CONFIG="-config Uss.cnf"
export SSLEAY_CONFIG
$SH ../apps/CA.sh -newreq
if [ $? != 0 ]; then
exit 1;
fi
SSLEAY_CONFIG="-config ../apps/openssl.cnf"
export SSLEAY_CONFIG
$SH ../apps/CA.sh -sign <<EOF
y
y
EOF
if [ $? != 0 ]; then
exit 1;
fi
$SH ../apps/CA.sh -verify newcert.pem
if [ $? != 0 ]; then
exit 1;
fi
/bin/rm -fr demoCA newcert.pem newreq.pem
#usage: CA -newcert|-newreq|-newca|-sign|-verify

Computing file changes ...