mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-06-27 15:43:42 +08:00
Update CMake generated certs
This commit is contained in:
Zhi Guan
@@ -825,7 +825,7 @@ endif()
|
||||
#
|
||||
set(CPACK_PACKAGE_NAME "GmSSL")
|
||||
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
||||
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1111")
|
||||
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1112")
|
||||
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
||||
set(CPACK_NSIS_MODIFY_PATH ON)
|
||||
include(CPack)
|
||||
|
||||
@@ -1,268 +1,205 @@
|
||||
set(GMSSL_TEST_PASS P@ssw0rd)
|
||||
set(GMSSL_TEST_SUBJECT -C CN -ST Beijing -L Haidian -O GmSSL -OU Test)
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl sm2keygen -pass P@ssw0rd -out rootcakey.pem
|
||||
function(gmssl_run)
|
||||
execute_process(
|
||||
COMMAND ${ARGN}
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS rootcakey.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "command failed: ${ARGN}\nstderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
endfunction()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass P@ssw0rd -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS rootcacert.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
file(READ rootcacert.pem FILE_CONTENT)
|
||||
if (NOT FILE_CONTENT MATCHES "^-----BEGIN CERTIFICATE-----")
|
||||
message(FATAL_ERROR "generate file error")
|
||||
endif()
|
||||
function(gmssl_require_generated_file file)
|
||||
if(NOT EXISTS "${file}")
|
||||
message(FATAL_ERROR "generated file does not exist: ${file}")
|
||||
endif()
|
||||
endfunction()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl sm2keygen -pass P@ssw0rd -out cakey.pem
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS cakey.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
function(gmssl_read_generated_pem file expected_header)
|
||||
gmssl_require_generated_file("${file}")
|
||||
file(READ "${file}" FILE_CONTENT)
|
||||
if(NOT FILE_CONTENT MATCHES "^${expected_header}")
|
||||
message(FATAL_ERROR "generated file has unexpected PEM header: ${file}")
|
||||
endif()
|
||||
endfunction()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass P@ssw0rd -out careq.pem
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS careq.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
file(READ careq.pem FILE_CONTENT)
|
||||
if (NOT FILE_CONTENT MATCHES "^-----BEGIN CERTIFICATE REQUEST-----")
|
||||
message(FATAL_ERROR "generate file error")
|
||||
endif()
|
||||
function(gmssl_generate_sm2_key key_file)
|
||||
gmssl_run(bin/gmssl sm2keygen -pass ${GMSSL_TEST_PASS} -out "${key_file}")
|
||||
gmssl_require_generated_file("${key_file}")
|
||||
endfunction()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass P@ssw0rd -out cacert.pem -ca
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS cacert.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
function(gmssl_generate_p256_key key_file export_file)
|
||||
if(export_file)
|
||||
gmssl_run(bin/gmssl p256keygen -pass ${GMSSL_TEST_PASS} -out "${key_file}" -export "${export_file}")
|
||||
gmssl_require_generated_file("${export_file}")
|
||||
else()
|
||||
gmssl_run(bin/gmssl p256keygen -pass ${GMSSL_TEST_PASS} -out "${key_file}")
|
||||
endif()
|
||||
gmssl_require_generated_file("${key_file}")
|
||||
endfunction()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl sm2keygen -pass P@ssw0rd -out signkey.pem
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS signkey.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
function(gmssl_generate_key alg key_file export_file)
|
||||
if(alg STREQUAL SM2)
|
||||
gmssl_generate_sm2_key("${key_file}")
|
||||
elseif(alg STREQUAL P256)
|
||||
gmssl_generate_p256_key("${key_file}" "${export_file}")
|
||||
else()
|
||||
message(FATAL_ERROR "unknown key algorithm: ${alg}")
|
||||
endif()
|
||||
endfunction()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass P@ssw0rd -out signreq.pem
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS signreq.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
function(gmssl_generate_root_ca alg prefix common_name)
|
||||
gmssl_generate_key(${alg} "${prefix}_key.pem" "${prefix}_key.exp")
|
||||
gmssl_run(bin/gmssl certgen
|
||||
${GMSSL_TEST_SUBJECT}
|
||||
-CN "${common_name}"
|
||||
-days 3650
|
||||
-key "${prefix}_key.pem"
|
||||
-pass ${GMSSL_TEST_PASS}
|
||||
-out "${prefix}_cert.pem"
|
||||
-key_usage keyCertSign
|
||||
-key_usage cRLSign
|
||||
-ca)
|
||||
gmssl_read_generated_pem("${prefix}_cert.pem" "-----BEGIN CERTIFICATE-----")
|
||||
endfunction()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -subject_dns_name localhost -out signcert.pem
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS signcert.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
function(gmssl_generate_ca alg prefix common_name issuer_cert issuer_key path_len)
|
||||
gmssl_generate_key(${alg} "${prefix}_key.pem" "${prefix}_key.exp")
|
||||
gmssl_run(bin/gmssl reqgen
|
||||
${GMSSL_TEST_SUBJECT}
|
||||
-CN "${common_name}"
|
||||
-key "${prefix}_key.pem"
|
||||
-pass ${GMSSL_TEST_PASS}
|
||||
-out "${prefix}_req.pem")
|
||||
gmssl_read_generated_pem("${prefix}_req.pem" "-----BEGIN CERTIFICATE REQUEST-----")
|
||||
gmssl_run(bin/gmssl reqsign
|
||||
-in "${prefix}_req.pem"
|
||||
-days 1825
|
||||
-key_usage keyCertSign
|
||||
-key_usage cRLSign
|
||||
-path_len_constraint ${path_len}
|
||||
-cacert "${issuer_cert}"
|
||||
-key "${issuer_key}"
|
||||
-pass ${GMSSL_TEST_PASS}
|
||||
-out "${prefix}_cert.pem"
|
||||
-ca)
|
||||
gmssl_read_generated_pem("${prefix}_cert.pem" "-----BEGIN CERTIFICATE-----")
|
||||
endfunction()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl sm2keygen -pass P@ssw0rd -out enckey.pem
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS enckey.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
function(gmssl_generate_end_entity alg prefix common_name issuer_cert issuer_key key_usage ext_key_usage subject_dns_name export_key)
|
||||
if(export_key)
|
||||
set(export_file "${prefix}_key.exp")
|
||||
else()
|
||||
set(export_file "")
|
||||
endif()
|
||||
gmssl_generate_key(${alg} "${prefix}_key.pem" "${export_file}")
|
||||
gmssl_run(bin/gmssl reqgen
|
||||
${GMSSL_TEST_SUBJECT}
|
||||
-CN "${common_name}"
|
||||
-key "${prefix}_key.pem"
|
||||
-pass ${GMSSL_TEST_PASS}
|
||||
-out "${prefix}_req.pem")
|
||||
gmssl_read_generated_pem("${prefix}_req.pem" "-----BEGIN CERTIFICATE REQUEST-----")
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass P@ssw0rd -out encreq.pem
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS encreq.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
set(sign_args
|
||||
-in "${prefix}_req.pem"
|
||||
-days 365
|
||||
-key_usage ${key_usage}
|
||||
-cacert "${issuer_cert}"
|
||||
-key "${issuer_key}"
|
||||
-pass ${GMSSL_TEST_PASS}
|
||||
-out "${prefix}_cert.pem")
|
||||
if(ext_key_usage)
|
||||
list(APPEND sign_args -ext_key_usage ${ext_key_usage})
|
||||
endif()
|
||||
if(subject_dns_name)
|
||||
list(APPEND sign_args -subject_dns_name ${subject_dns_name})
|
||||
endif()
|
||||
gmssl_run(bin/gmssl reqsign ${sign_args})
|
||||
gmssl_read_generated_pem("${prefix}_cert.pem" "-----BEGIN CERTIFICATE-----")
|
||||
endfunction()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -subject_dns_name localhost -out enccert.pem
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS enccert.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
function(gmssl_write_bundle out_file)
|
||||
file(WRITE "${out_file}" "")
|
||||
foreach(pem_file IN LISTS ARGN)
|
||||
gmssl_require_generated_file("${pem_file}")
|
||||
file(READ "${pem_file}" PEM_CONTENT)
|
||||
file(APPEND "${out_file}" "${PEM_CONTENT}")
|
||||
endforeach()
|
||||
gmssl_require_generated_file("${out_file}")
|
||||
endfunction()
|
||||
|
||||
file(WRITE tlcp_server_certs.pem "")
|
||||
file(READ signcert.pem CERT_CONTENT)
|
||||
file(APPEND tlcp_server_certs.pem "${CERT_CONTENT}")
|
||||
file(READ enccert.pem CERT_CONTENT)
|
||||
file(APPEND tlcp_server_certs.pem "${CERT_CONTENT}")
|
||||
file(READ cacert.pem CERT_CONTENT)
|
||||
file(APPEND tlcp_server_certs.pem "${CERT_CONTENT}")
|
||||
# Root CAs
|
||||
gmssl_generate_root_ca(SM2 sm2_root_ca "GmSSL SM2 Test Root CA")
|
||||
gmssl_generate_root_ca(P256 p256_root_ca "GmSSL P256 Test Root CA")
|
||||
|
||||
file(WRITE tlcp_server_keys.pem "")
|
||||
file(READ signkey.pem KEY_CONTENT)
|
||||
file(APPEND tlcp_server_keys.pem "${KEY_CONTENT}")
|
||||
file(READ enckey.pem KEY_CONTENT)
|
||||
file(APPEND tlcp_server_keys.pem "${KEY_CONTENT}")
|
||||
# SM2 TLS server chain: root -> server CA 1 -> server CA 2 -> server certificate
|
||||
gmssl_generate_ca(SM2 sm2_tls_server_ca1 "GmSSL SM2 TLS Server CA 1"
|
||||
sm2_root_ca_cert.pem sm2_root_ca_key.pem 1)
|
||||
gmssl_generate_ca(SM2 sm2_tls_server_ca2 "GmSSL SM2 TLS Server CA 2"
|
||||
sm2_tls_server_ca1_cert.pem sm2_tls_server_ca1_key.pem 0)
|
||||
gmssl_generate_end_entity(SM2 sm2_tls_server "GmSSL SM2 TLS Server"
|
||||
sm2_tls_server_ca2_cert.pem sm2_tls_server_ca2_key.pem
|
||||
digitalSignature serverAuth localhost OFF)
|
||||
gmssl_write_bundle(sm2_tls_server_certs.pem
|
||||
sm2_tls_server_cert.pem sm2_tls_server_ca2_cert.pem sm2_tls_server_ca1_cert.pem)
|
||||
|
||||
file(WRITE tls_server_certs.pem "")
|
||||
file(READ signcert.pem CERT_CONTENT)
|
||||
file(APPEND tls_server_certs.pem "${CERT_CONTENT}")
|
||||
file(READ cacert.pem CERT_CONTENT)
|
||||
file(APPEND tls_server_certs.pem "${CERT_CONTENT}")
|
||||
# P256 TLS server chain: root -> server CA 1 -> server CA 2 -> server certificate
|
||||
gmssl_generate_ca(P256 p256_tls_server_ca1 "GmSSL P256 TLS Server CA 1"
|
||||
p256_root_ca_cert.pem p256_root_ca_key.pem 1)
|
||||
gmssl_generate_ca(P256 p256_tls_server_ca2 "GmSSL P256 TLS Server CA 2"
|
||||
p256_tls_server_ca1_cert.pem p256_tls_server_ca1_key.pem 0)
|
||||
gmssl_generate_end_entity(P256 p256_tls_server "GmSSL P256 TLS Server"
|
||||
p256_tls_server_ca2_cert.pem p256_tls_server_ca2_key.pem
|
||||
digitalSignature serverAuth localhost ON)
|
||||
gmssl_write_bundle(p256_tls_server_certs.pem
|
||||
p256_tls_server_cert.pem p256_tls_server_ca2_cert.pem p256_tls_server_ca1_cert.pem)
|
||||
gmssl_write_bundle(p256_tls_server_cert_chain.pem
|
||||
p256_tls_server_ca2_cert.pem p256_tls_server_ca1_cert.pem)
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl p256keygen -pass P@ssw0rd -out p256rootcakey.pem -export p256rootcakey.exp
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS p256rootcakey.pem OR NOT EXISTS p256rootcakey.exp)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
# SM2 TLS client chain: root -> client CA -> client certificate
|
||||
gmssl_generate_ca(SM2 sm2_tls_client_ca "GmSSL SM2 TLS Client CA"
|
||||
sm2_root_ca_cert.pem sm2_root_ca_key.pem 0)
|
||||
gmssl_generate_end_entity(SM2 sm2_tls_client "GmSSL SM2 TLS Client"
|
||||
sm2_tls_client_ca_cert.pem sm2_tls_client_ca_key.pem
|
||||
digitalSignature clientAuth "" OFF)
|
||||
gmssl_write_bundle(sm2_tls_client_certs.pem
|
||||
sm2_tls_client_cert.pem sm2_tls_client_ca_cert.pem)
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN P256ROOTCA -days 3650 -key p256rootcakey.pem -pass P@ssw0rd -out p256rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS p256rootcacert.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
# P256 TLS client chain: root -> client CA -> client certificate
|
||||
gmssl_generate_ca(P256 p256_tls_client_ca "GmSSL P256 TLS Client CA"
|
||||
p256_root_ca_cert.pem p256_root_ca_key.pem 0)
|
||||
gmssl_generate_end_entity(P256 p256_tls_client "GmSSL P256 TLS Client"
|
||||
p256_tls_client_ca_cert.pem p256_tls_client_ca_key.pem
|
||||
digitalSignature clientAuth "" ON)
|
||||
gmssl_write_bundle(p256_tls_client_certs.pem
|
||||
p256_tls_client_cert.pem p256_tls_client_ca_cert.pem)
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl p256keygen -pass P@ssw0rd -out p256cakey.pem -export p256cakey.exp
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS p256cakey.pem OR NOT EXISTS p256cakey.exp)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
# OCSP delegated responders for certificates issued by the TLS server CA2s.
|
||||
gmssl_generate_end_entity(SM2 sm2_ocsp_responder "GmSSL SM2 OCSP Responder"
|
||||
sm2_tls_server_ca2_cert.pem sm2_tls_server_ca2_key.pem
|
||||
digitalSignature OCSPSigning "" OFF)
|
||||
gmssl_generate_end_entity(P256 p256_ocsp_responder "GmSSL P256 OCSP Responder"
|
||||
p256_tls_server_ca2_cert.pem p256_tls_server_ca2_key.pem
|
||||
digitalSignature OCSPSigning "" ON)
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "P256 Sub CA" -key p256cakey.pem -pass P@ssw0rd -out p256careq.pem
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS p256careq.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
# TLCP server chain reuses the SM2 TLS server CA chain and adds an encryption certificate.
|
||||
gmssl_generate_end_entity(SM2 sm2_tlcp_server_sign "GmSSL SM2 TLCP Server"
|
||||
sm2_tls_server_ca2_cert.pem sm2_tls_server_ca2_key.pem
|
||||
digitalSignature serverAuth localhost OFF)
|
||||
gmssl_generate_end_entity(SM2 sm2_tlcp_server_enc "GmSSL SM2 TLCP Server"
|
||||
sm2_tls_server_ca2_cert.pem sm2_tls_server_ca2_key.pem
|
||||
keyEncipherment serverAuth localhost OFF)
|
||||
gmssl_write_bundle(sm2_tlcp_server_certs.pem
|
||||
sm2_tlcp_server_sign_cert.pem
|
||||
sm2_tlcp_server_enc_cert.pem
|
||||
sm2_tls_server_ca2_cert.pem
|
||||
sm2_tls_server_ca1_cert.pem)
|
||||
gmssl_write_bundle(sm2_tlcp_server_keys.pem
|
||||
sm2_tlcp_server_sign_key.pem sm2_tlcp_server_enc_key.pem)
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl reqsign -in p256careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert p256rootcacert.pem -key p256rootcakey.pem -pass P@ssw0rd -out p256cacert.pem -ca
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS p256cacert.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl p256keygen -pass P@ssw0rd -out p256signkey.pem -export p256signkey.exp
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS p256signkey.pem OR NOT EXISTS p256signkey.exp)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN 127.0.0.1 -key p256signkey.pem -pass P@ssw0rd -out p256signreq.pem
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS p256signreq.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
|
||||
execute_process(
|
||||
COMMAND bin/gmssl reqsign -in p256signreq.pem -days 365 -key_usage digitalSignature -cacert p256cacert.pem -key p256cakey.pem -pass P@ssw0rd -subject_dns_name 127.0.0.1 -out p256signcert.pem
|
||||
RESULT_VARIABLE TEST_RESULT
|
||||
ERROR_VARIABLE TEST_STDERR
|
||||
)
|
||||
if(NOT ${TEST_RESULT} EQUAL 0)
|
||||
message(FATAL_ERROR "stderr: ${TEST_STDERR}")
|
||||
endif()
|
||||
if(NOT EXISTS p256signcert.pem)
|
||||
message(FATAL_ERROR "generated file does not exist")
|
||||
endif()
|
||||
|
||||
file(WRITE p256certs.pem "")
|
||||
file(READ p256signcert.pem CERT_CONTENT)
|
||||
file(APPEND p256certs.pem "${CERT_CONTENT}")
|
||||
file(READ p256cacert.pem CERT_CONTENT)
|
||||
file(APPEND p256certs.pem "${CERT_CONTENT}")
|
||||
|
||||
file(WRITE rootcacerts.pem "")
|
||||
file(READ rootcacert.pem CERT_CONTENT)
|
||||
file(APPEND rootcacerts.pem "${CERT_CONTENT}")
|
||||
file(READ p256rootcacert.pem CERT_CONTENT)
|
||||
file(APPEND rootcacerts.pem "${CERT_CONTENT}")
|
||||
gmssl_write_bundle(test_root_certs.pem
|
||||
sm2_root_ca_cert.pem p256_root_ca_cert.pem)
|
||||
|
||||
@@ -7,12 +7,13 @@ if(NOT OPENSSL_EXECUTABLE)
|
||||
message(FATAL_ERROR "openssl executable not found")
|
||||
endif()
|
||||
|
||||
gmssl_require_file(p256rootcacert.pem)
|
||||
gmssl_require_file(p256cacert.pem)
|
||||
gmssl_require_file(p256signcert.pem)
|
||||
gmssl_require_file(p256certs.pem)
|
||||
gmssl_require_file(p256signkey.pem)
|
||||
gmssl_require_file(p256signkey.exp)
|
||||
gmssl_require_file(p256_root_ca_cert.pem)
|
||||
gmssl_require_file(p256_tls_server_ca2_cert.pem)
|
||||
gmssl_require_file(p256_tls_server_cert.pem)
|
||||
gmssl_require_file(p256_tls_server_cert_chain.pem)
|
||||
gmssl_require_file(p256_tls_server_certs.pem)
|
||||
gmssl_require_file(p256_tls_server_key.pem)
|
||||
gmssl_require_file(p256_tls_server_key.exp)
|
||||
|
||||
if(NOT DEFINED TEST_CASE)
|
||||
set(TEST_CASE tls12_openssl_server)
|
||||
@@ -23,8 +24,8 @@ set(TLS13_PSK 1122334455667788112233445566778811223344556677881122334455667788)
|
||||
if(TEST_CASE STREQUAL tls12_openssl_server)
|
||||
set(TEST_NAME tls12_openssl_server)
|
||||
set(TEST_PORT 4450)
|
||||
set(SERVER_COMMAND "${OPENSSL_EXECUTABLE} s_server -accept ${TEST_PORT} -cert p256signcert.pem -cert_chain p256cacert.pem -key p256signkey.exp -tls1_2 -cipher ECDHE-ECDSA-AES128-SHA256 -named_curve prime256v1 -www -naccept 1 -quiet")
|
||||
set(CLIENT_COMMAND "bin/gmssl tls12_client -host 127.0.0.1 -port ${TEST_PORT} -server_name 127.0.0.1 -cacert p256rootcacert.pem -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 -get /")
|
||||
set(SERVER_COMMAND "${OPENSSL_EXECUTABLE} s_server -accept ${TEST_PORT} -cert p256_tls_server_cert.pem -cert_chain p256_tls_server_cert_chain.pem -key p256_tls_server_key.exp -tls1_2 -cipher ECDHE-ECDSA-AES128-SHA256 -named_curve prime256v1 -www -naccept 1 -quiet")
|
||||
set(CLIENT_COMMAND "bin/gmssl tls12_client -host 127.0.0.1 -port ${TEST_PORT} -server_name localhost -cacert p256_root_ca_cert.pem -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 -get /")
|
||||
gmssl_run_command_interop_test(
|
||||
TEST_NAME ${TEST_NAME}
|
||||
PORT ${TEST_PORT}
|
||||
@@ -34,8 +35,8 @@ if(TEST_CASE STREQUAL tls12_openssl_server)
|
||||
elseif(TEST_CASE STREQUAL tls12_openssl_client)
|
||||
set(TEST_NAME tls12_openssl_client)
|
||||
set(TEST_PORT 4451)
|
||||
set(SERVER_COMMAND "bin/gmssl tls12_server -port ${TEST_PORT} -cert p256certs.pem -key p256signkey.pem -pass P@ssw0rd -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 -renegotiation_info")
|
||||
set(CLIENT_COMMAND "printf 'GET / HTTP/1.0\\r\\n\\r\\n' | ${OPENSSL_EXECUTABLE} s_client -connect 127.0.0.1:${TEST_PORT} -tls1_2 -CAfile p256rootcacert.pem -cipher ECDHE-ECDSA-AES128-SHA256 -groups prime256v1 -servername 127.0.0.1 -brief")
|
||||
set(SERVER_COMMAND "bin/gmssl tls12_server -port ${TEST_PORT} -cert p256_tls_server_certs.pem -key p256_tls_server_key.pem -pass P@ssw0rd -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 -renegotiation_info")
|
||||
set(CLIENT_COMMAND "printf 'GET / HTTP/1.0\\r\\n\\r\\n' | ${OPENSSL_EXECUTABLE} s_client -connect 127.0.0.1:${TEST_PORT} -tls1_2 -CAfile p256_root_ca_cert.pem -cipher ECDHE-ECDSA-AES128-SHA256 -groups prime256v1 -servername localhost -brief")
|
||||
gmssl_run_command_interop_test(
|
||||
TEST_NAME ${TEST_NAME}
|
||||
PORT ${TEST_PORT}
|
||||
@@ -45,8 +46,8 @@ elseif(TEST_CASE STREQUAL tls12_openssl_client)
|
||||
elseif(TEST_CASE STREQUAL tls13_openssl_server)
|
||||
set(TEST_NAME tls13_openssl_server)
|
||||
set(TEST_PORT 4452)
|
||||
set(SERVER_COMMAND "${OPENSSL_EXECUTABLE} s_server -accept ${TEST_PORT} -cert p256signcert.pem -cert_chain p256cacert.pem -key p256signkey.exp -tls1_3 -ciphersuites TLS_AES_128_GCM_SHA256 -groups prime256v1 -no_middlebox -www -naccept 1 -quiet")
|
||||
set(CLIENT_COMMAND "bin/gmssl tls13_client -host 127.0.0.1 -port ${TEST_PORT} -server_name 127.0.0.1 -cacert p256rootcacert.pem -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 -get /")
|
||||
set(SERVER_COMMAND "${OPENSSL_EXECUTABLE} s_server -accept ${TEST_PORT} -cert p256_tls_server_cert.pem -cert_chain p256_tls_server_cert_chain.pem -key p256_tls_server_key.exp -tls1_3 -ciphersuites TLS_AES_128_GCM_SHA256 -groups prime256v1 -no_middlebox -www -naccept 1 -quiet")
|
||||
set(CLIENT_COMMAND "bin/gmssl tls13_client -host 127.0.0.1 -port ${TEST_PORT} -server_name localhost -cacert p256_root_ca_cert.pem -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 -get /")
|
||||
gmssl_run_command_interop_test(
|
||||
TEST_NAME ${TEST_NAME}
|
||||
PORT ${TEST_PORT}
|
||||
@@ -56,8 +57,8 @@ elseif(TEST_CASE STREQUAL tls13_openssl_server)
|
||||
elseif(TEST_CASE STREQUAL tls13_openssl_client)
|
||||
set(TEST_NAME tls13_openssl_client)
|
||||
set(TEST_PORT 4453)
|
||||
set(SERVER_COMMAND "bin/gmssl tls13_server -port ${TEST_PORT} -cert p256certs.pem -key p256signkey.pem -pass P@ssw0rd -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256")
|
||||
set(CLIENT_COMMAND "printf 'GET / HTTP/1.0\\r\\n\\r\\n' | ${OPENSSL_EXECUTABLE} s_client -connect 127.0.0.1:${TEST_PORT} -tls1_3 -CAfile p256rootcacert.pem -ciphersuites TLS_AES_128_GCM_SHA256 -groups prime256v1 -sigalgs ecdsa_secp256r1_sha256 -no_middlebox -brief")
|
||||
set(SERVER_COMMAND "bin/gmssl tls13_server -port ${TEST_PORT} -cert p256_tls_server_certs.pem -key p256_tls_server_key.pem -pass P@ssw0rd -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256")
|
||||
set(CLIENT_COMMAND "printf 'GET / HTTP/1.0\\r\\n\\r\\n' | ${OPENSSL_EXECUTABLE} s_client -connect 127.0.0.1:${TEST_PORT} -tls1_3 -CAfile p256_root_ca_cert.pem -ciphersuites TLS_AES_128_GCM_SHA256 -groups prime256v1 -sigalgs ecdsa_secp256r1_sha256 -servername localhost -no_middlebox -brief")
|
||||
gmssl_run_command_interop_test(
|
||||
TEST_NAME ${TEST_NAME}
|
||||
PORT ${TEST_PORT}
|
||||
@@ -67,8 +68,8 @@ elseif(TEST_CASE STREQUAL tls13_openssl_client)
|
||||
elseif(TEST_CASE STREQUAL tls13_hrr_openssl_client)
|
||||
set(TEST_NAME tls13_hrr_openssl_client)
|
||||
set(TEST_PORT 4454)
|
||||
set(SERVER_COMMAND "bin/gmssl tls13_server -port ${TEST_PORT} -cert p256certs.pem -key p256signkey.pem -pass P@ssw0rd -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 -verbose")
|
||||
set(CLIENT_COMMAND "printf 'GET / HTTP/1.0\\r\\n\\r\\n' | ${OPENSSL_EXECUTABLE} s_client -connect 127.0.0.1:${TEST_PORT} -tls1_3 -CAfile p256rootcacert.pem -ciphersuites TLS_AES_128_GCM_SHA256 -groups secp384r1:prime256v1 -sigalgs ecdsa_secp256r1_sha256 -no_middlebox -brief -msg")
|
||||
set(SERVER_COMMAND "bin/gmssl tls13_server -port ${TEST_PORT} -cert p256_tls_server_certs.pem -key p256_tls_server_key.pem -pass P@ssw0rd -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 -verbose")
|
||||
set(CLIENT_COMMAND "printf 'GET / HTTP/1.0\\r\\n\\r\\n' | ${OPENSSL_EXECUTABLE} s_client -connect 127.0.0.1:${TEST_PORT} -tls1_3 -CAfile p256_root_ca_cert.pem -ciphersuites TLS_AES_128_GCM_SHA256 -groups secp384r1:prime256v1 -sigalgs ecdsa_secp256r1_sha256 -servername localhost -no_middlebox -brief -msg")
|
||||
gmssl_run_command_interop_test(
|
||||
TEST_NAME ${TEST_NAME}
|
||||
PORT ${TEST_PORT}
|
||||
@@ -90,7 +91,7 @@ elseif(TEST_CASE STREQUAL tls13_psk_dhe_openssl_server)
|
||||
elseif(TEST_CASE STREQUAL tls13_psk_dhe_openssl_client)
|
||||
set(TEST_NAME tls13_psk_dhe_openssl_client)
|
||||
set(TEST_PORT 4456)
|
||||
set(SERVER_COMMAND "bin/gmssl tls13_server -port ${TEST_PORT} -cert p256certs.pem -key p256signkey.pem -pass P@ssw0rd -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -psk_dhe_ke -psk_identity 001 -psk_cipher_suite TLS_AES_128_GCM_SHA256 -psk_key ${TLS13_PSK}")
|
||||
set(SERVER_COMMAND "bin/gmssl tls13_server -port ${TEST_PORT} -cert p256_tls_server_certs.pem -key p256_tls_server_key.pem -pass P@ssw0rd -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -psk_dhe_ke -psk_identity 001 -psk_cipher_suite TLS_AES_128_GCM_SHA256 -psk_key ${TLS13_PSK}")
|
||||
set(CLIENT_COMMAND "printf 'GET / HTTP/1.0\\r\\n\\r\\n' | ${OPENSSL_EXECUTABLE} s_client -connect 127.0.0.1:${TEST_PORT} -tls1_3 -psk_identity 001 -psk ${TLS13_PSK} -ciphersuites TLS_AES_128_GCM_SHA256 -groups prime256v1 -no_middlebox -brief")
|
||||
gmssl_run_command_interop_test(
|
||||
TEST_NAME ${TEST_NAME}
|
||||
@@ -112,7 +113,7 @@ elseif(TEST_CASE STREQUAL tls13_psk_only_openssl_server)
|
||||
elseif(TEST_CASE STREQUAL tls13_psk_only_openssl_client)
|
||||
set(TEST_NAME tls13_psk_only_openssl_client)
|
||||
set(TEST_PORT 4458)
|
||||
set(SERVER_COMMAND "bin/gmssl tls13_server -port ${TEST_PORT} -cert p256certs.pem -key p256signkey.pem -pass P@ssw0rd -cipher_suite TLS_AES_128_GCM_SHA256 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_AES_128_GCM_SHA256 -psk_key ${TLS13_PSK}")
|
||||
set(SERVER_COMMAND "bin/gmssl tls13_server -port ${TEST_PORT} -cert p256_tls_server_certs.pem -key p256_tls_server_key.pem -pass P@ssw0rd -cipher_suite TLS_AES_128_GCM_SHA256 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_AES_128_GCM_SHA256 -psk_key ${TLS13_PSK}")
|
||||
set(CLIENT_COMMAND "printf 'GET / HTTP/1.0\\r\\n\\r\\n' | ${OPENSSL_EXECUTABLE} s_client -connect 127.0.0.1:${TEST_PORT} -tls1_3 -psk_identity 001 -psk ${TLS13_PSK} -ciphersuites TLS_AES_128_GCM_SHA256 -allow_no_dhe_kex -prefer_no_dhe_kex -no_middlebox -brief")
|
||||
gmssl_run_command_interop_test(
|
||||
TEST_NAME ${TEST_NAME}
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/tls_command_test.cmake")
|
||||
|
||||
gmssl_require_file(rootcacert.pem)
|
||||
gmssl_require_file(tlcp_server_certs.pem)
|
||||
gmssl_require_file(tlcp_server_keys.pem)
|
||||
gmssl_require_file(sm2_root_ca_cert.pem)
|
||||
gmssl_require_file(sm2_tlcp_server_certs.pem)
|
||||
gmssl_require_file(sm2_tlcp_server_keys.pem)
|
||||
|
||||
if(NOT DEFINED TEST_CASE)
|
||||
set(TEST_CASE tlcp_sm4_cbc)
|
||||
@@ -27,15 +27,15 @@ gmssl_run_tls_command_test(
|
||||
tlcp_server
|
||||
-port ${TEST_PORT}
|
||||
-cipher_suite ${TEST_CIPHER_SUITE}
|
||||
-cert tlcp_server_certs.pem
|
||||
-key tlcp_server_keys.pem
|
||||
-cert sm2_tlcp_server_certs.pem
|
||||
-key sm2_tlcp_server_keys.pem
|
||||
-pass P@ssw0rd
|
||||
CLIENT_ARGS
|
||||
tlcp_client
|
||||
-host 127.0.0.1
|
||||
-port ${TEST_PORT}
|
||||
-server_name localhost
|
||||
-cacert rootcacert.pem
|
||||
-cacert sm2_root_ca_cert.pem
|
||||
-cipher_suite ${TEST_CIPHER_SUITE}
|
||||
-in ${TEST_NAME}_message.txt
|
||||
)
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/tls_command_test.cmake")
|
||||
|
||||
gmssl_require_file(rootcacert.pem)
|
||||
gmssl_require_file(tls_server_certs.pem)
|
||||
gmssl_require_file(signkey.pem)
|
||||
gmssl_require_file(sm2_root_ca_cert.pem)
|
||||
gmssl_require_file(sm2_tls_server_certs.pem)
|
||||
gmssl_require_file(sm2_tls_server_key.pem)
|
||||
|
||||
if(NOT DEFINED TEST_CASE)
|
||||
set(TEST_CASE tls12_sm4_cbc)
|
||||
@@ -26,8 +26,8 @@ gmssl_run_tls_command_test(
|
||||
SERVER_ARGS
|
||||
tls12_server
|
||||
-port ${TEST_PORT}
|
||||
-cert tls_server_certs.pem
|
||||
-key signkey.pem
|
||||
-cert sm2_tls_server_certs.pem
|
||||
-key sm2_tls_server_key.pem
|
||||
-pass P@ssw0rd
|
||||
-cipher_suite ${TEST_CIPHER_SUITE}
|
||||
-supported_group sm2p256v1
|
||||
@@ -37,7 +37,7 @@ gmssl_run_tls_command_test(
|
||||
-host 127.0.0.1
|
||||
-port ${TEST_PORT}
|
||||
-server_name localhost
|
||||
-cacert rootcacert.pem
|
||||
-cacert sm2_root_ca_cert.pem
|
||||
-cipher_suite ${TEST_CIPHER_SUITE}
|
||||
-supported_group sm2p256v1
|
||||
-sig_alg sm2sig_sm3
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
include("${CMAKE_CURRENT_LIST_DIR}/tls_command_test.cmake")
|
||||
|
||||
gmssl_require_file(rootcacert.pem)
|
||||
gmssl_require_file(tls_server_certs.pem)
|
||||
gmssl_require_file(signkey.pem)
|
||||
gmssl_require_file(sm2_root_ca_cert.pem)
|
||||
gmssl_require_file(sm2_tls_server_certs.pem)
|
||||
gmssl_require_file(sm2_tls_server_key.pem)
|
||||
|
||||
set(TLS13_PSK 1122334455667788112233445566778811223344556677881122334455667788)
|
||||
|
||||
@@ -17,8 +17,8 @@ if(TEST_CASE STREQUAL tls13_sm4_gcm)
|
||||
SERVER_ARGS
|
||||
tls13_server
|
||||
-port 4433
|
||||
-cert tls_server_certs.pem
|
||||
-key signkey.pem
|
||||
-cert sm2_tls_server_certs.pem
|
||||
-key sm2_tls_server_key.pem
|
||||
-pass P@ssw0rd
|
||||
-cipher_suite TLS_SM4_GCM_SM3
|
||||
-supported_group sm2p256v1
|
||||
@@ -28,7 +28,7 @@ if(TEST_CASE STREQUAL tls13_sm4_gcm)
|
||||
-host 127.0.0.1
|
||||
-port 4433
|
||||
-server_name localhost
|
||||
-cacert rootcacert.pem
|
||||
-cacert sm2_root_ca_cert.pem
|
||||
-cipher_suite TLS_SM4_GCM_SM3
|
||||
-supported_group sm2p256v1
|
||||
-sig_alg sm2sig_sm3
|
||||
@@ -42,8 +42,8 @@ elseif(TEST_CASE STREQUAL tls13_hrr_sm4_gcm)
|
||||
SERVER_ARGS
|
||||
tls13_server
|
||||
-port 4460
|
||||
-cert tls_server_certs.pem
|
||||
-key signkey.pem
|
||||
-cert sm2_tls_server_certs.pem
|
||||
-key sm2_tls_server_key.pem
|
||||
-pass P@ssw0rd
|
||||
-cipher_suite TLS_SM4_GCM_SM3
|
||||
-supported_group sm2p256v1
|
||||
@@ -54,7 +54,7 @@ elseif(TEST_CASE STREQUAL tls13_hrr_sm4_gcm)
|
||||
-host 127.0.0.1
|
||||
-port 4460
|
||||
-server_name localhost
|
||||
-cacert rootcacert.pem
|
||||
-cacert sm2_root_ca_cert.pem
|
||||
-cipher_suite TLS_SM4_GCM_SM3
|
||||
-supported_group prime256v1
|
||||
-supported_group sm2p256v1
|
||||
@@ -70,8 +70,8 @@ elseif(TEST_CASE STREQUAL tls13_psk_dhe_sm4_gcm)
|
||||
SERVER_ARGS
|
||||
tls13_server
|
||||
-port 4437
|
||||
-cert tls_server_certs.pem
|
||||
-key signkey.pem
|
||||
-cert sm2_tls_server_certs.pem
|
||||
-key sm2_tls_server_key.pem
|
||||
-pass P@ssw0rd
|
||||
-cipher_suite TLS_SM4_GCM_SM3
|
||||
-supported_group sm2p256v1
|
||||
@@ -98,8 +98,8 @@ elseif(TEST_CASE STREQUAL tls13_psk_only_sm4_gcm)
|
||||
SERVER_ARGS
|
||||
tls13_server
|
||||
-port 4461
|
||||
-cert tls_server_certs.pem
|
||||
-key signkey.pem
|
||||
-cert sm2_tls_server_certs.pem
|
||||
-key sm2_tls_server_key.pem
|
||||
-pass P@ssw0rd
|
||||
-cipher_suite TLS_SM4_GCM_SM3
|
||||
-psk_ke
|
||||
@@ -125,8 +125,8 @@ elseif(TEST_CASE STREQUAL tls13_early_data_sm4_gcm)
|
||||
SERVER_ARGS
|
||||
tls13_server
|
||||
-port 4462
|
||||
-cert tls_server_certs.pem
|
||||
-key signkey.pem
|
||||
-cert sm2_tls_server_certs.pem
|
||||
-key sm2_tls_server_key.pem
|
||||
-pass P@ssw0rd
|
||||
-cipher_suite TLS_SM4_GCM_SM3
|
||||
-psk_ke
|
||||
|
||||
@@ -18,7 +18,7 @@ extern "C" {
|
||||
|
||||
|
||||
#define GMSSL_VERSION_NUM 30200
|
||||
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1111"
|
||||
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1112"
|
||||
|
||||
int gmssl_version_num(void);
|
||||
const char *gmssl_version_str(void);
|
||||
|
||||
Reference in New Issue
Block a user