revoke leaf by intermediate, not root

mmetc · May 28, 2024 · a590ca0 · a590ca0
1 parent c966254
commit a590ca0
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 12 deletions.
diff --git a/test/bats/11_bouncers_tls.bats b/test/bats/11_bouncers_tls.bats
@@ -4,7 +4,6 @@
 set -u
 
 # TODO:
-# revoke by intermediate, not root
 # revoke by root should be considered invalid (and test it)
 # test indirectly revoked leaf
 
@@ -87,19 +86,18 @@ setup_file() {
 
     # Revoke certs
     {
-        # TODO: revoke by intermediate, not root
         echo '-----BEGIN X509 CRL-----'
         cfssl gencrl \
             <(cfssl certinfo -cert "${tmpdir}/leaf_rev1.pem" | jq -r '.serial_number') \
-            "${tmpdir}/root.pem" \
-            "${tmpdir}/root-key.pem"
+            "${tmpdir}/inter.pem" \
+            "${tmpdir}/inter-key.pem"
         echo '-----END X509 CRL-----'
 
         echo '-----BEGIN X509 CRL-----'
         cfssl gencrl \
             <(cfssl certinfo -cert "${tmpdir}/leaf_rev2.pem" | jq -r '.serial_number') \
-            "${tmpdir}/root.pem" \
-            "${tmpdir}/root-key.pem"
+            "${tmpdir}/inter.pem" \
+            "${tmpdir}/inter-key.pem"
         echo '-----END X509 CRL-----'
 
         echo '-----BEGIN X509 CRL-----'

diff --git a/test/bats/30_machines_tls.bats b/test/bats/30_machines_tls.bats
@@ -73,19 +73,18 @@ setup_file() {
 
     # Revoke certs
     {
-        # TODO: revoke by intermediate, not root
         echo '-----BEGIN X509 CRL-----'
         cfssl gencrl \
             <(cfssl certinfo -cert "${tmpdir}/leaf_rev1.pem" | jq -r '.serial_number') \
-            "${tmpdir}/root.pem" \
-            "${tmpdir}/root-key.pem"
+            "${tmpdir}/inter.pem" \
+            "${tmpdir}/inter-key.pem"
         echo '-----END X509 CRL-----'
 
         echo '-----BEGIN X509 CRL-----'
         cfssl gencrl \
             <(cfssl certinfo -cert "${tmpdir}/leaf_rev2.pem" | jq -r '.serial_number') \
-            "${tmpdir}/root.pem" \
-            "${tmpdir}/root-key.pem"
+            "${tmpdir}/inter.pem" \
+            "${tmpdir}/inter-key.pem"
         echo '-----END X509 CRL-----'
 
         echo '-----BEGIN X509 CRL-----'
@@ -96,7 +95,6 @@ setup_file() {
         echo '-----END X509 CRL-----'
     } >> "${tmpdir}/crl.pem"
 
-
     cat "${tmpdir}/root.pem" "${tmpdir}/inter.pem" > "${tmpdir}/bundle.pem"
 
     config_set '