tests: Pass --verify-profile=medium to certtool if supported
certtool emits the following message if --verify-profile is not
passed:
Note that no verification profile was selected. In the future the medium profile will be enabled by default.
Use --verify-profile low to apply the default verification of NORMAL priority string.
Pass the --verify-profile option if certtool supports it (since ~3.6.12).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
diff --git a/tests/test_tpm2_swtpm_localca b/tests/test_tpm2_swtpm_localca
index 0d6e143..b6ff56a 100755
--- a/tests/test_tpm2_swtpm_localca
+++ b/tests/test_tpm2_swtpm_localca
@@ -24,6 +24,10 @@
source ${TESTDIR}/common
+if [ -n "$(${CERTTOOL} --help | grep -E "\-\-verify-profile")" ]; then
+ verify_profile="--verify-profile=medium"
+fi
+
trap "cleanup" SIGTERM EXIT
function cleanup()
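Review bot: `verify_profile` is assigned only inside the added `if`, so when certtool lacks the option the variable keeps whatever value the calling environment exported, and the later hunk expands that value unquoted into the certtool command line. Setting `verify_profile=""` before the probe makes the fallback deterministic. The probe itself reads more directly as `if ${CERTTOOL} --help | grep -q -- "--verify-profile"; then`, which avoids the command substitution and the escaped dashes. A failing or missing certtool also takes the no-profile path silently, so a one-line comment saying that the test then falls back to certtool's default verification would help. The same block is added in tests/test_tpm2_swtpm_localca_pkcs11.test.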
@@ -125,6 +129,7 @@
${CERTTOOL} \
--verify \
+ ${verify_profile} \
--load-ca-certificate "${ISSUERCERT}" \
--infile "${workdir}/ek.pem"
if [ $? -ne 0 ]; then
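Review bot: `${verify_profile}` on the added line is left unquoted so that an empty value disappears from the argument list, but nothing documents that, and ShellCheck will flag it as SC2086. Writing it as `${verify_profile:+"${verify_profile}"} \` keeps the drop-when-empty behaviour while passing a set value as exactly one word, and it also works if the variable is unset. If the plain form is kept, a comment such as `# intentionally unquoted: expands to nothing on older certtool` would stop a later cleanup from quoting it and handing certtool an empty argument. The same line is added to the certtool call in tests/test_tpm2_swtpm_localca_pkcs11.test.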
diff --git a/tests/test_tpm2_swtpm_localca_pkcs11.test b/tests/test_tpm2_swtpm_localca_pkcs11.test
index c81989d..f5f7f0c 100755
--- a/tests/test_tpm2_swtpm_localca_pkcs11.test
+++ b/tests/test_tpm2_swtpm_localca_pkcs11.test
@@ -35,6 +35,10 @@
source ${TESTDIR}/common
+if [ -n "$(${CERTTOOL} --help | grep -E "\-\-verify-profile")" ]; then
+ verify_profile="--verify-profile=medium"
+fi
+
trap "cleanup" SIGTERM EXIT
function cleanup()
@@ -214,6 +218,7 @@
GNUTLS_PIN=${PIN} ${CERTTOOL} \
--verify \
+ ${verify_profile} \
--load-ca-certificate ${ISSUERCERT} \
--infile ${workdir}/ek.pem
if [ $? -ne 0 ]; then