BaseTools/Pkcs7Sign: Update the test certificates & Readme.md

The old TestRoot certificate used for Pkcs7Sign is not compliant to Root CA certificate requirement with incorrect basic constraints and key usage setting. When OpenSSL in CryptoPkg was updated from 1.0.2xx to the latest 1.1.0xx, the CA certificate checking was enforced for more extension validations, which will raise the verification failure when stilling using the old sample certificates. This patch re-generated one set of test certificates used in Pkcs7Sign demo, and updated the corresponding Readme.md to describe how to set the options in openssl configuration file. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-04-11 15:36:54 +08:00
parent c5719579ce
commit f536d7c3ed
8 changed files with 286 additions and 230 deletions
--- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
@ -1,18 +1,23 @@
-----BEGIN CERTIFICATE-----
-MIIC8DCCAdygAwIBAgIQNDAnfwU9lYVDoKT1DJrnyjAJBgUrDgMCHQUAMBMxETAP
-BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDE0OFoXDTM5MTIzMTIzNTk1OVow
-EzERMA8GA1UEAxMIVGVzdFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCU5jNPVsMHoNCZV8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV32CA
-vrh4WVub/SeSaczKjj6egUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLvsb
-LBYu7lYBh/bI1FMHZ5kLRr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9i
-US6YHSm6a4r7Qw5oKfW+Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swFvRfo
-RlKvUIqmfhZpg2lbbk3Hz4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hyE8
-LeYzJ14hJ7ncOEjWOpbhF0dlZc49AgMBAAGjSDBGMEQGA1UdAQQ9MDuAEM61es/l
-Icdr8+yS1L9lKjWhFTATMREwDwYDVQQDEwhUZXN0Um9vdIIQNDAnfwU9lYVDoKT1
-DJrnyjAJBgUrDgMCHQUAA4IBAQBrDeAK0O5bP7ZzSGLo9Fvh7dkAxeUOaPtTMzBq
-YLruOFtRY3DVfgX+5EUqFWIb/Nh1k1b25gaFIfcIRya5/gVOkCJU9DkJTFyOzXw7
-r0stGAb0XCQqZPdZdSiXqZAsukYCamRmSTLLXTT+JOREsMKtFxsFfdNYiC6+Dtcr
-yly/KCU92Ls8OFLmJ/rSuEVrX39LsCMF6K9n6OJsL5/4c3/DF7yyalsq82vT3H/f
-L9CrBgz+A+eNguyEPch97ctqWzVIVQf7qngaAbuYRYvaiuMhV4YVIxdQG5y8Glmo
-Kq06fgEkg/ewYea9T9mRkKcquQw7q5UgHPB0zgK6FF3xkSVK
-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID7DCCAtSgAwIBAgIJAMCRxeK3ZsD4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
+VQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNVBAcMAlNIMRIwEAYDVQQKDAlUaWFu
+b0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYDVQQDDAhUZXN0Um9vdDEiMCAGCSqG
+SIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9yZzAeFw0xNzA0MTAwODI3NDBaFw0x
+NzA1MTAwODI3NDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNV
+BAcMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYD
+VQQDDAhUZXN0Um9vdDEiMCAGCSqGSIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9y
+ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkpKWxgDNcj9n3u8GL/
+2cmqVYyBlVY/t1ZTsMKCEsU7dSO5TdbEVXPzqpWoG/OTfp5A5B0inJMHC9eqW9fk
+GiGE12NZA1Af9RRVk5Gb9VKwvw5caDtZUpiWVuGrxEO7BVd4RQGfWBVTDhGULw7x
+phmiboY5KzONx8Xr7h4z0zKUwVnEDJcLEkhfM/ZgdH1XwhMtfamHozXqkYM/Z3qS
+HwFTn2JfmRL9cxstnitsNEmvTwePwOlrnl95NdoqXIju9khh2pbjSEaglByd9lyH
+Du90CZENPVrnxUyKeqyhhbZnRBdVUjroEU1YopMAYup7gO3Pvd91gEu5ZWOtC010
+lkCAwEAAaNjMGEwHQYDVR0OBBYEFBaq1o4bLUPzLbAkrTZlP7L6sSztMB8GA1Ud
+IwQYMBaAFBaq1o4bLUPzLbAkrTZlP7L6sSztMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCV3t+kFNuSIngavTGdHtcv
+ChARXXRh6DDE8xXpMFT0uwwEeBNdLN2MkpDRnNDQGKOj/IwoWtSRTQjD9hrI3aYI
+WOIVlfstLYqxMIC9mrbhLCA+3cTHVWXPKBf07tq+d3DVUtYVevutr/3VRZBa5jFC
+14SzSVZq00fzv2hgiw/ir/Tj7BK54joWEU5Nc3mvR4VMdiaeizLAjsLcJ6bvrJOe
+oV7PNEXgKsedTdfXN3KX+Fj5tjVI8dEKcn/9TXzpzNhIG0lSU95RAVM1vJDNjIrM
+QyCnRf8rVbCLLf9VFUuE0MPTkJyUS1XVYuoiq2Jo3VPG3KXdmi2OeXwunORmgIwd
+-----END CERTIFICATE-----