tyler.durden/audk - audk - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Long Qin	f536d7c3ed	BaseTools/Pkcs7Sign: Update the test certificates & Readme.md The old TestRoot certificate used for Pkcs7Sign is not compliant to Root CA certificate requirement with incorrect basic constraints and key usage setting. When OpenSSL in CryptoPkg was updated from 1.0.2xx to the latest 1.1.0xx, the CA certificate checking was enforced for more extension validations, which will raise the verification failure when stilling using the old sample certificates. This patch re-generated one set of test certificates used in Pkcs7Sign demo, and updated the corresponding Readme.md to describe how to set the options in openssl configuration file. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2017-04-12 13:15:24 +08:00
Jiewen Yao	e9d0933d45	BaseTool/Pkcs7: Add TestRoot.cer. We add this binary data file for TestRoot.cer. So that a platform may include this default file in FDF, to check if the platform is using default test key, or different production key. Cc: Yonghong Zhu <yonghong.zhu@intel.com> Cc: Liming Gao <liming.gao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>	2016-11-03 13:44:45 +08:00

Author

SHA1

Message

Date

Long Qin

f536d7c3ed

BaseTools/Pkcs7Sign: Update the test certificates & Readme.md

The old TestRoot certificate used for Pkcs7Sign is not compliant to
Root CA certificate requirement with incorrect basic constraints and
key usage setting.
When OpenSSL in CryptoPkg was updated from 1.0.2xx to the latest
1.1.0xx, the CA certificate checking was enforced for more extension
validations, which will raise the verification failure when stilling
using the old sample certificates.

This patch re-generated one set of test certificates used in
Pkcs7Sign demo, and updated the corresponding Readme.md to describe
how to set the options in openssl configuration file.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

2017-04-12 13:15:24 +08:00

Jiewen Yao

e9d0933d45

BaseTool/Pkcs7: Add TestRoot.cer.

We add this binary data file for TestRoot.cer.
So that a platform may include this default file in FDF,
to check if the platform is using default test key,
or different production key.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

2016-11-03 13:44:45 +08:00

2 Commits