Chromium Code Reviews

Side by Side Diff: net/data/ssl/scripts/generate-cross-signed-certs.sh

Issue 1066613002: Revert of Don't process HSTS/HPKP headers when host is an IP address (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 8 months ago
OLD NEW
1 #!/bin/sh 1 #!/bin/sh
2 2
3 # Copyright 2013 The Chromium Authors. All rights reserved. 3 # Copyright 2013 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be 4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file. 5 # found in the LICENSE file.
6 6
7 # This script generates a two roots - one legacy one signed with MD5, and 7 # This script generates a two roots - one legacy one signed with MD5, and
8 # another (newer) one signed with SHA256 - and has a leaf certificate signed 8 # another (newer) one signed with SHA256 - and has a leaf certificate signed
9 # by these without any distinguishers. 9 # by these without any distinguishers.
10 # 10 #
11 # The "cross-signed" comes from the fact that both the MD5 and SHA256 roots 11 # The "cross-signed" comes from the fact that both the MD5 and SHA256 roots
12 # share the same Authority Key ID, Subject Key ID, Subject, and Subject Public 12 # share the same Authority Key ID, Subject Key ID, Subject, and Subject Public
13 # Key Info. When the chain building algorithm is evaluating paths, if it prefers 13 # Key Info. When the chain building algorithm is evaluating paths, if it prefers
14 # untrusted over trusted, then it will see the MD5 certificate as a self-signed 14 # untrusted over trusted, then it will see the MD5 certificate as a self-signed
15 # cert that is "cross-signed" by the trusted SHA256 root. 15 # cert that is "cross-signed" by the trusted SHA256 root.
16 # 16 #
17 # The SHA256 root should be (temporarily) trusted, and the resulting chain 17 # The SHA256 root should be (temporarily) trusted, and the resulting chain
18 # should be leaf -> SHA256root, not leaf -> MD5root, leaf -> SHA256root -> 18 # should be leaf -> SHA256root, not leaf -> MD5root, leaf -> SHA256root ->
19 # MD5root, or leaf -> MD5root -> SHA256root 19 # MD5root, or leaf -> MD5root -> SHA256root
20 20
21 try() { 21 try() {
22 "$@" || (e=$?; echo "$@" > /dev/stderr; exit $e) 22 echo "$@"
23 "$@" || exit 1
24 }
25
26 quiet_try() {
27 "$@" || exit 1
23 } 28 }
24 29
25 try rm -rf out 30 try rm -rf out
26 try mkdir out 31 try mkdir out
27 32
28 try /bin/sh -c "echo 01 > out/2048-sha256-root-serial" 33 try /bin/sh -c "echo 01 > out/2048-sha256-root-serial"
29 try /bin/sh -c "echo 02 > out/2048-md5-root-serial" 34 try /bin/sh -c "echo 02 > out/2048-md5-root-serial"
30 touch out/2048-sha256-root-index.txt 35 touch out/2048-sha256-root-index.txt
31 touch out/2048-md5-root-index.txt 36 touch out/2048-md5-root-index.txt
32 37
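Review bot: the new try() at new lines 22-23 ends in "$@" || exit 1, which discards the failing command's exit status, and its unconditional echo "$@" writes to stdout, which is the only reason a second helper, quiet_try(), is needed. The old one-liner kept the status and logged to stderr, but its exit ran inside a ( ... ) subshell, so it ended only the subshell; with no set -e visible in the script, try just returned non-zero and execution continued. One helper can cover all of this: "$@" || { e=$?; echo "$@" >&2; exit $e; } (braces rather than parentheses so exit terminates the script, >&2 so the message never lands in redirected output). Separately, the two touch calls at new lines 35-36 are not wrapped in try, so a failure there goes unnoticed.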
(...skipping 40 matching lines...)
73 # Generate the leaf certificates 78 # Generate the leaf certificates
74 CA_COMMON_NAME="Test Dup-Hash Root CA" \ 79 CA_COMMON_NAME="Test Dup-Hash Root CA" \
75 try openssl ca \ 80 try openssl ca \
76 -batch \ 81 -batch \
77 -extensions user_cert \ 82 -extensions user_cert \
78 -days 3650 \ 83 -days 3650 \
79 -in out/ok_cert.req \ 84 -in out/ok_cert.req \
80 -out out/ok_cert.pem \ 85 -out out/ok_cert.pem \
81 -config ca.cnf 86 -config ca.cnf
82 87
83 try openssl x509 -text \ 88 quiet_try openssl x509 -text \
84 -in out/2048-md5-root.pem > ../certificates/cross-signed-root-md5.pem 89 -in out/2048-md5-root.pem > ../certificates/cross-signed-root-md5.pem
85 try openssl x509 -text \ 90 quiet_try openssl x509 -text \
86 -in out/2048-sha256-root.pem > ../certificates/cross-signed-root-sha256.pem 91 -in out/2048-sha256-root.pem > ../certificates/cross-signed-root-sha256.pem
87 try openssl x509 -text \ 92 quiet_try openssl x509 -text \
88 -in out/ok_cert.pem > ../certificates/cross-signed-leaf.pem 93 -in out/ok_cert.pem > ../certificates/cross-signed-leaf.pem
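Review bot: at new lines 88-93 the three quiet_try openssl x509 -text calls redirect stdout straight into ../certificates/*.pem, so the shell creates or truncates the destination before openssl runs; a failure leaves an empty file in the certificates directory, and quiet_try exits with status 1 without saying which command failed. Consider passing the destination with the -out option of openssl x509 instead of the > redirect. Nothing printed by the helper can then end up in the PEM file, plain try works for all three calls, and quiet_try can be dropped.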