git.proxmox.com Git - mirror

author	Long Qin <qin.long@intel.com>
	Tue, 11 Apr 2017 07:36:54 +0000 (15:36 +0800)
committer	Long Qin <qin.long@intel.com>
	Wed, 12 Apr 2017 05:15:24 +0000 (13:15 +0800)
commit	f536d7c3ed3e86f45c6e9568c6c0eda1f9b24dc5
tree	f69a780ca162b6df557a791f41971125b9ec6d18	tree
parent	c5719579ce8c5dec503a53ff02ce1be4899b2852	commit \| diff

BaseTools/Pkcs7Sign: Update the test certificates & Readme.md

The old TestRoot certificate used for Pkcs7Sign is not compliant to
Root CA certificate requirement with incorrect basic constraints and
key usage setting.
When OpenSSL in CryptoPkg was updated from 1.0.2xx to the latest
1.1.0xx, the CA certificate checking was enforced for more extension
validations, which will raise the verification failure when stilling
using the old sample certificates.

This patch re-generated one set of test certificates used in
Pkcs7Sign demo, and updated the corresponding Readme.md to describe
how to set the options in openssl configuration file.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

BaseTools/Source/Python/Pkcs7Sign/Readme.md		diff \| blob \| blame \| history
BaseTools/Source/Python/Pkcs7Sign/TestCert.pem		diff \| blob \| blame \| history
BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem		diff \| blob \| blame \| history
BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer		diff \| blob \| blame \| history
BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem		diff \| blob \| blame \| history
BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem		diff \| blob \| blame \| history
BaseTools/Source/Python/Pkcs7Sign/TestSub.pem		diff \| blob \| blame \| history
BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem		diff \| blob \| blame \| history