certtool emits the following message if --verify-profile is not
passed:
Note that no verification profile was selected. In the future the medium profile will be enabled by default.
Use --verify-profile low to apply the default verification of NORMAL priority string.
Pass the --verify-profile option if certtool supports it (since ~3.6.12).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
source ${TESTDIR}/common
+if [ -n "$(${CERTTOOL} --help | grep -E "\-\-verify-profile")" ]; then
+ verify_profile="--verify-profile=medium"
+fi
+
trap "cleanup" SIGTERM EXIT
function cleanup()
${CERTTOOL} \
--verify \
+ ${verify_profile} \
--load-ca-certificate "${ISSUERCERT}" \
--infile "${workdir}/ek.pem"
if [ $? -ne 0 ]; then
source ${TESTDIR}/common
+if [ -n "$(${CERTTOOL} --help | grep -E "\-\-verify-profile")" ]; then
+ verify_profile="--verify-profile=medium"
+fi
+
trap "cleanup" SIGTERM EXIT
function cleanup()
GNUTLS_PIN=${PIN} ${CERTTOOL} \
--verify \
+ ${verify_profile} \
--load-ca-certificate ${ISSUERCERT} \
--infile ${workdir}/ek.pem
if [ $? -ne 0 ]; then