From 22e975dc0587964e30070950d97a3d59e5e2fb89 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Wed, 2 Nov 2022 10:21:52 -0400 Subject: [PATCH] tests: Pass --verify-profile=medium to certtool if supported certtool emits the following message if --verify-profile is not passed: Note that no verification profile was selected. In the future the medium profile will be enabled by default. Use --verify-profile low to apply the default verification of NORMAL priority string. Pass the --verify-profile option if certtool supports it (since ~3.6.12). Signed-off-by: Stefan Berger
---
 tests/test_tpm2_swtpm_localca | 5 +++++
 tests/test_tpm2_swtpm_localca_pkcs11.test | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/tests/test_tpm2_swtpm_localca b/tests/test_tpm2_swtpm_localca
index 0d6e143..b6ff56a 100755
--- a/tests/test_tpm2_swtpm_localca
+++ b/tests/test_tpm2_swtpm_localca
@@ -24,6 +24,10 @@ PATH=${TOPBUILD}/src/swtpm_cert:$PATH
 source ${TESTDIR}/common
+if [ -n "$(${CERTTOOL} --help | grep -E "\-\-verify-profile")" ]; then
+ verify_profile="--verify-profile=medium"
+fi
+
 trap "cleanup" SIGTERM EXIT
 function cleanup()
@@ -125,6 +129,7 @@ do
 ${CERTTOOL} \
 --verify \
+ ${verify_profile} \
 --load-ca-certificate "${ISSUERCERT}" \
 --infile "${workdir}/ek.pem"
 if [ $? -ne 0 ]; then
diff --git a/tests/test_tpm2_swtpm_localca_pkcs11.test b/tests/test_tpm2_swtpm_localca_pkcs11.test
index c81989d..f5f7f0c 100755
--- a/tests/test_tpm2_swtpm_localca_pkcs11.test
+++ b/tests/test_tpm2_swtpm_localca_pkcs11.test
@@ -35,6 +35,10 @@ PATH=${TOPBUILD}/src/swtpm_cert:$PATH
 source ${TESTDIR}/common
+if [ -n "$(${CERTTOOL} --help | grep -E "\-\-verify-profile")" ]; then
+ verify_profile="--verify-profile=medium"
+fi
+
 trap "cleanup" SIGTERM EXIT
 function cleanup()
@@ -214,6 +218,7 @@ do
 GNUTLS_PIN=${PIN} ${CERTTOOL} \
 --verify \
+ ${verify_profile} \
 --load-ca-certificate ${ISSUERCERT} \
 --infile ${workdir}/ek.pem
 if [ $? -ne 0 ]; then
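Review bot: The capability probe added at the top of tests/test_tpm2_swtpm_localca fails open. If `${CERTTOOL} --help` errors out or `CERTTOOL` is empty, the pipeline prints nothing and the EK certificate is verified without a profile, which cannot be told apart from an old certtool. `verify_profile` is also never initialised, so a value inherited from the caller's environment would be handed to certtool unchanged. I would start with `verify_profile=""`, probe with `if ${CERTTOOL} --help 2>&1 | grep -q -- "--verify-profile"; then`, and echo the chosen profile so the test log records the verification level that was applied. The identical lines added to tests/test_tpm2_swtpm_localca_pkcs11.test have the same gaps.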
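Review bot: `${verify_profile}` in the `--verify` call is unquoted, apparently on purpose so it expands to no argument when the option is unsupported, but nothing in the script says so. A later quoting cleanup would turn it into an empty-string argument, which certtool would probably reject or misread. A comment above the call such as `# unquoted on purpose: expands to nothing when certtool lacks --verify-profile`, or the explicit form `${verify_profile:+"${verify_profile}"} \`, keeps the intent visible. The enclosing loop starts and ends outside the hunk, and the matching hunk in tests/test_tpm2_swtpm_localca_pkcs11.test needs the same treatment.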