Merge branch 'legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530'

* legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530:
  Skip crl_hash_dir_expired test for LibreSSL
  Add ssl_crl_hash_dir module
  Function for generating OpenSSL-style name hashes
  Add public_key:pkix_match_dist_point
  Improve formatting for crl_{check,cache} options
  Add issuer arg to ssl_crl_cache_api lookup callback

Conflicts:
	lib/public_key/test/public_key_SUITE.erl

1 files changed, 14 insertions, 1 deletions

diff --git a/lib/ssl/test/make_certs.erl b/lib/ssl/test/make_certs.erl
index 5eebf773a7..009bcd81ad 100644
--- a/lib/ssl/test/make_certs.erl
+++ b/lib/ssl/test/make_certs.erl
@@ -172,16 +172,29 @@ revoke(Root, CA, User, C) ->
     gencrl(Root, CA, C).
 
 gencrl(Root, CA, C) ->
+    %% By default, the CRL is valid for 24 hours from now.
+    gencrl(Root, CA, C, 24).
+
+gencrl(Root, CA, C, CrlHours) ->
     CACnfFile = filename:join([Root, CA, "ca.cnf"]),
     CACRLFile = filename:join([Root, CA, "crl.pem"]),
     Cmd = [C#config.openssl_cmd, " ca"
 	   " -gencrl ",
-	   " -crlhours 24",
+	   " -crlhours ", integer_to_list(CrlHours),
 	   " -out ", CACRLFile,
 	   " -config ", CACnfFile],
     Env = [{"ROOTDIR", filename:absname(Root)}], 
     cmd(Cmd, Env).
 
+can_generate_expired_crls(C) ->
+    %% OpenSSL can generate CRLs with an expiration date in the past,
+    %% if we pass a negative number for -crlhours.  However, LibreSSL
+    %% rejects this with the error "invalid argument -24: too small".
+    %% Let's check which one we have.
+    Cmd = [C#config.openssl_cmd, " ca -crlhours -24"],
+    Output = os:cmd(Cmd),
+    0 =:= string:str(Output, "too small").
+
 verify(Root, CA, User, C) ->
     CAFile = filename:join([Root, User, "cacerts.pem"]),
     CACRLFile = filename:join([Root, CA, "crl.pem"]),