If DO_RELEASE_BUILD is set use pubkey-release and test with it This currently fails because polarssl rejects keys with a public exponent larger then 64 bit. With the following patch all tests pass. But this currently awaits upstream comment. https://polarssl.org/discussions/bug-report-issues/rsa-keys-with-large-public-exponents-are-rejected --- rsa.c.orig 2014-04-10 17:22:32.727290031 +0200 +++ rsa.c 2014-04-10 17:22:38.847410225 +0200 @@ -154,7 +154,7 @@ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ); if( mpi_msb( &ctx->E ) < 2 || - mpi_msb( &ctx->E ) > 64 ) + mpi_msb( &ctx->E ) > POLARSSL_MPI_MAX_BITS ) return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ); return( 0 );

--- a/ui/tests/data/NOTES	Thu Apr 10 17:06:37 2014 +0200
+++ b/ui/tests/data/NOTES	Thu Apr 10 17:50:44 2014 +0200
@@ -19,6 +19,12 @@
     cp list-valid-signed.txt list-invalid-signed.txt
     tail -1 list-valid.txt >> list-invalid-signed.txt
 
+    # To create test data for something you might want to release
+
+    PRIVKEY=...
+    echo -e S:$(openssl dgst -sha256 -sign $PRIVKEY < list-valid.txt | base64 -w0)\\r > list-valid-signed-release.txt
+    cat list-valid.txt >> list-valid-signed-release.txt
+
 # List with 0 created manually by placing a \0 in the signature
 
 # Test server certificate: