authorbluhm <bluhm@openbsd.org>2020-12-26 14:42:09 +0000
committerbluhm <bluhm@openbsd.org>2020-12-26 14:42:09 +0000
commit61ce312b5e2020ef18833a6e32294168ef2437f4 (patch)
tree69b8d5c157f05f50e2d213cacc3d8aa9a549cd1a /regress/lib
parentSimplify parameters of pselregister(). (diff)
Start each regress run from scratch with new keys and CA database.
Diffstat (limited to 'regress/lib')
-rw-r--r--regress/lib/libcrypto/CA/Makefile29
1 files changed, 17 insertions, 12 deletions
diff --git a/regress/lib/libcrypto/CA/Makefile b/regress/lib/libcrypto/CA/Makefile
index 3e445d2de00..3616b132bfc 100644
--- a/regress/lib/libcrypto/CA/Makefile
+++ b/regress/lib/libcrypto/CA/Makefile
@@ -1,7 +1,10 @@
-# $OpenBSD: Makefile,v 1.2 2020/12/26 00:48:56 bluhm Exp $
+# $OpenBSD: Makefile,v 1.3 2020/12/26 14:42:09 bluhm Exp $
CLEANFILES += *.pem *.serial *.txt *.attr *.old
+# Start each regress run from scratch with new keys and CA database.
+REGRESS_SETUP_ONCE += clean
+
REGRESS_SETUP_ONCE += root.serial intermediate.serial
root.serial intermediate.serial:
echo 1000 >$@
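Review bot: The added `REGRESS_SETUP_ONCE += clean` has no declared ordering against the `root.serial intermediate.serial` setup targets listed right after it, while CLEANFILES matches `*.serial` and `*.txt`. If the setup targets ever run out of list order or in parallel (the framework that processes REGRESS_SETUP_ONCE is not visible here), clean would delete the freshly written serial files and the later `openssl ca` steps would fail. The key rules in the following hunks get an explicit `stamp-clean` prerequisite; the serial rule could presumably take the same, `root.serial intermediate.serial: stamp-clean`. At minimum, a comment such as `# clean must stay first: it removes the *.serial and *.txt files created below` would record the constraint.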
@@ -11,17 +14,18 @@ root.txt intermediate.txt:
true >$@
# Vanna Vanna make me a root cert
-root.key.pem:
+root.key.pem: stamp-clean
# generate root rsa 4096 key
openssl genrsa -out root.key.pem 4096
-root.cert.pem: root.cnf root.key.pem
- # generate root req
+root.cert.pem: root.cnf root.key.pem \
+ stamp-root.serial stamp-root.txt
+ # generate root cert
openssl req -batch -config ${.CURDIR}/root.cnf -key root.key.pem \
-new -x509 -days 365 -sha256 -extensions v3_ca -out root.cert.pem
# Make intermediate
-intermediate.key.pem:
+intermediate.key.pem: stamp-clean
# generate intermediate rsa 2048 key
openssl genrsa -out intermediate.key.pem 2048
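Review bot: The `openssl genrsa` recipes for root.key.pem and intermediate.key.pem write unencrypted private keys, and nothing in the file marks them as throwaway; the same holds for server.key.pem and client.key.pem in the later hunks. Now that `stamp-clean` forces fresh keys on every run, a short comment above the first key rule would state that intent, for example `# Test-only keys: unencrypted and regenerated on every regress run, never reuse them elsewhere`. That keeps the recipe from being copied as a template for a real CA, where the root key would need a passphrase and restricted file permissions.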
@@ -31,14 +35,15 @@ intermediate.csr.pem: intermediate.cnf intermediate.key.pem
-key intermediate.key.pem -out intermediate.csr.pem
# Sign intermediate
-intermediate.cert.pem: root.cnf root.cert.pem intermediate.csr.pem
+intermediate.cert.pem: root.cnf root.cert.pem intermediate.csr.pem \
+ stamp-intermediate.serial stamp-intermediate.txt
# sign intermediate
openssl ca -batch -config ${.CURDIR}/root.cnf \
-extensions v3_intermediate_ca -days 10 -notext -md sha256 \
-in intermediate.csr.pem -out intermediate.cert.pem
REGRESS_TARGETS += run-verify-intermediate
-# Verify Intermediate
+# Verify intermediate
run-verify-intermediate: root.cert.pem intermediate.cert.pem
# validate intermediate CA
openssl verify -CAfile root.cert.pem intermediate.cert.pem
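Review bot: The new `stamp-intermediate.serial stamp-intermediate.txt` prerequisites sit on intermediate.cert.pem, whose recipe runs `openssl ca` with root.cnf, so the database it consumes is presumably the root one (root.cnf is not shown). The build still works because root.cert.pem pulls in `stamp-root.serial stamp-root.txt` and the server and client certificates depend on intermediate.cert.pem, but each stamp is declared one rule earlier than the command that reads it. Listing `stamp-root.serial stamp-root.txt` here and the intermediate stamps on server.cert.pem and client.cert.pem would match prerequisites to their consumers. Failing that, a comment such as `# intermediate CA database is needed by the certs signed below` would explain the placement.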
@@ -47,7 +52,7 @@ chain.pem: intermediate.cert.pem root.cert.pem
cat intermediate.cert.pem root.cert.pem > chain.pem
# Make a server certificate
-server.key.pem:
+server.key.pem: stamp-clean
# genrsa server
openssl genrsa -out server.key.pem 2048
@@ -65,7 +70,7 @@ server.cert.pem: intermediate.cnf intermediate.cert.pem server.csr.pem
-in server.csr.pem -out server.cert.pem
# Make a client certificate
-client.key.pem:
+client.key.pem: stamp-clean
# genrsa client
openssl genrsa -out client.key.pem 2048
@@ -76,20 +81,20 @@ client.csr.pem: intermediate.cnf intermediate.cert.pem client.key.pem
-key client.key.pem -out client.csr.pem
# Sign client key
-client.cert.pem: intermediate.cnf intermediate.txt client.csr.pem
+client.cert.pem: intermediate.cnf intermediate.cert.pem client.csr.pem
# client sign
openssl ca -batch -config ${.CURDIR}/intermediate.cnf \
-extensions usr_cert -days 5 -notext -md sha256 \
-in client.csr.pem -out client.cert.pem
REGRESS_TARGETS += run-verify-server
-# Verify Intermediate
+# Verify server with intermediate
run-verify-server: chain.pem server.cert.pem
# validate server cert
openssl verify -purpose sslserver -CAfile chain.pem server.cert.pem
REGRESS_TARGETS += run-verify-client
-# Verify Intermediate
+# Verify client with intermediate
run-verify-client: chain.pem client.cert.pem
# validate client cert
openssl verify -purpose sslclient -CAfile chain.pem client.cert.pem
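Review bot: run-verify-server and run-verify-client pass chain.pem as `-CAfile`, which loads the intermediate as a trusted certificate alongside the root; this commit only touches their comments. A TLS peer normally trusts only the root and receives the intermediate as an untrusted chain element, so the test would be closer to real validation as `openssl verify -purpose sslserver -untrusted intermediate.cert.pem -CAfile root.cert.pem server.cert.pem`, with the matching `-purpose sslclient` line for the client. Both targets check only the success path; a negative case, such as the client certificate being rejected for `-purpose sslserver`, would show that the purpose check is actually enforced.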