New commits:
commit 8333e0263c7ce3ac80820912b7a9c66b2f7c9f61
Merge: fe971386ae 4ef60cb285
Author: Andrew Cagney <[email protected]>
Date: Sat Mar 1 09:25:29 2025 -0500
testing x509: work around dist_certs.py's .p12 files on f41 being unloadable
It isn't clear why but NSS refuses to load .p12 files built using:
blob = pkcs12.serialize_key_and_certificates(name.encode('utf-8'),
key, cert, [ca_cert],
serialization.BestAvailableEncryption(PASSPHRASE))
with open(path + name + ".p12", "wb") as f:
f.write(blob)
the work-around is to instead assemble them using:
cmd = (f"openssl pkcs12" +
f" -export" +
f" -passout pass:foobar" +
f" -in certs/{name}.crt" +
f" -inkey keys/{name}.key" +
f" -name {name}" +
f" -out pkcs12/{signer}/{name}.p12" +
f" -certfile real/mainca/root.cert" +
f"")
print(cmd, subprocess.getoutput(cmd))
making NSS happy.
close #2062 can't import f41 generated pyOpenSSL .p12
Merge commit '4ef60cb285d4d88ca2dab3e3797c4a83ca523bd4'
commit 4ef60cb285d4d88ca2dab3e3797c4a83ca523bd4
Author: Andrew Cagney <[email protected]>
Date: Sat Mar 1 09:23:20 2025 -0500
testing: update nss-cert-chain-* tests
shuffle order of certs in NSS DB
(it's because the way the .p12 is built was changed)
commit a262025b3360838ea59093694ea79595162df722
Author: Andrew Cagney <[email protected]>
Date: Fri Feb 28 20:20:20 2025 -0500
f41: testing x509: in dist_certs.py, build .p12 using <openssl pkcs12>
and not python code
commit 99d7dc36d17a4553cc474fdca59c2831f3ea73e5
Author: Andrew Cagney <[email protected]>
Date: Fri Feb 28 18:44:32 2025 -0500
testing x509: trim deadwood from dist_certs.py
commit 8a566e827da2500739d2986ca670e8b3c3167219
Author: Andrew Cagney <[email protected]>
Date: Fri Feb 28 18:44:59 2025 -0500
testing x509: tweak generate.sh's indentation
_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]