update rust-openssl and fix cert validation test

Signed-off-by: Jun Kimura <jun.kimura@datachain.jp>

Author: bluele

Cargo.toml

@@ -25,7 +25,7 @@ sha2            = { version = "0.10.8" }
 sha3            = { version = "0.10.8" }
 urlencoding     = { version = "2" }
 x509-parser     = { version = "0.15.1" }
-openssl         = { git = "https://github.com/datachainlab/rust-openssl", rev = "6fdf2f32721719d173bf909c97e982fe4e2e2819" }
+openssl         = { git = "https://github.com/datachainlab/rust-openssl", rev = "1e4f9af40f9e2d74c9775482f7f5e6449cc7b8e1" }
 
 dcap-types          = { path = "crates/types" }
 dcap-collaterals    = { path = "crates/collaterals" }

crates/quote-verifier/src/tcb_info.rs

@@ -210,13 +210,17 @@ mod tests {
             }
         }
         {
-            let pck_ca_crl = gen_crl_der(
-                &pck_certchain.pck_cert_ca,
-                &pck_certchain.pck_cert_ca_key,
-                vec![tcb_certchain.cert.clone()],
-                None,
+            // Generate another TCB signing cert from root CA to use as revoked cert
+            let another_tcb_key = gen_key();
+            let another_tcb_cert = gen_tcb_signing_ca(
+                &root_ca.cert,
+                &root_ca.key,
+                &another_tcb_key,
+                Validity::new_with_duration(1730000001, 1000),
             )
             .unwrap();
+            let root_ca_crl =
+                gen_crl_der(&root_ca.cert, &root_ca.key, vec![another_tcb_cert], None).unwrap();
             let crls = IntelSgxCrls::new(
                 CertificateRevocationList::from_der(root_ca_crl.as_ref())
                     .unwrap()