Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(268)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/data/ssl/scripts/generate-test-certs.sh

Issue 1059303002: Don't process HSTS/HPKP headers when host is an IP address (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add tests for HPKP/HSTS headers on IPs Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/data/ssl/scripts/ee.cnf ('k') | net/data/url_request_unittest/hpkp-headers.html.mock-http-headers » ('j') | net/test/spawned_test_server/base_test_server.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/data/ssl/scripts/generate-test-certs.sh
diff --git a/net/data/ssl/scripts/generate-test-certs.sh b/net/data/ssl/scripts/generate-test-certs.sh
index 24eadf108552a1bde2e64fc6ecd8cc22a5d1d269..d81f6840401f3d68d9661fa144fdbbaf1e76169a 100755
--- a/net/data/ssl/scripts/generate-test-certs.sh
+++ b/net/data/ssl/scripts/generate-test-certs.sh
@@ -12,6 +12,10 @@ try() {
"$@" || exit 1
}
+quiet_try() {
+ "$@" || exit 1
palmer 2015/04/03 21:04:51 Idea (take it or leave it): Unify try and quiet_tr
estark 2015/04/03 21:22:30 Done.
+}
+
try rm -rf out
try mkdir out
@@ -30,14 +34,13 @@ CA_COMMON_NAME="Test Root CA" \
-config ca.cnf
CA_COMMON_NAME="Test Root CA" \
- try openssl x509 \
+ quiet_try openssl x509 \
-req -days 3650 \
-in out/2048-sha256-root.req \
- -out out/2048-sha256-root.pem \
-signkey out/2048-sha256-root.key \
-extfile ca.cnf \
-extensions ca_cert \
- -text
+ -text > out/2048-sha256-root.pem
# Generate the leaf certificate requests
try openssl req \
@@ -52,6 +55,14 @@ try openssl req \
-out out/ok_cert.req \
-config ee.cnf
+SUBJECT_NAME=req_localhost_cn \
+try openssl req \
+ -new \
+ -keyout out/localhost_cert.key \
+ -out out/localhost_cert.req \
+ -reqexts req_extensions_none \
+ -config ee.cnf
+
# Generate the leaf certificates
CA_COMMON_NAME="Test Root CA" \
try openssl ca \
@@ -92,8 +103,19 @@ CA_COMMON_NAME="Test Root CA" \
-out out/name_constraint_good.pem \
-config ca.cnf
+CA_COMMON_NAME="Test Root CA" \
+ try openssl ca \
+ -batch \
+ -extensions user_cert \
+ -days 3650 \
+ -in out/localhost_cert.req \
+ -out out/localhost_cert.pem \
+ -config ca.cnf
+
try /bin/sh -c "cat out/ok_cert.key out/ok_cert.pem \
> ../certificates/ok_cert.pem"
+try /bin/sh -c "cat out/localhost_cert.key out/localhost_cert.pem \
+ > ../certificates/localhost_cert.pem"
try /bin/sh -c "cat out/expired_cert.key out/expired_cert.pem \
> ../certificates/expired_cert.pem"
try /bin/sh -c "cat out/2048-sha256-root.key out/2048-sha256-root.pem \
@@ -108,7 +130,7 @@ try /bin/sh -c "cat out/ok_cert.key out/name_constraint_good.pem \
try openssl req -x509 -days 3650 \
-config ../scripts/ee.cnf -newkey rsa:2048 -text \
-sha256 \
- -out sha256.pem
+ -out ../certificates/sha256.pem
## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing
try openssl req -x509 -days 3650 -extensions req_spdy_pooling \
« no previous file with comments | « net/data/ssl/scripts/ee.cnf ('k') | net/data/url_request_unittest/hpkp-headers.html.mock-http-headers » ('j') | net/test/spawned_test_server/base_test_server.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698