| OLD | NEW |
|---|
| 1 #!/bin/sh | 1 #!/bin/sh |
| 2 | 2 |
| 3 # Copyright 2013 The Chromium Authors. All rights reserved. | 3 # Copyright 2013 The Chromium Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # This script generates a set of test (end-entity, intermediate, root) | 7 # This script generates a set of test (end-entity, intermediate, root) |
| 8 # certificates that can be used to test fetching of an intermediate via AIA. | 8 # certificates that can be used to test fetching of an intermediate via AIA. |
| 9 | 9 |
| 10 try() { | 10 try() { |
| (...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 125 try openssl req -x509 -days 3650 \ | 125 try openssl req -x509 -days 3650 \ |
| 126 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 126 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 127 -sha256 \ | 127 -sha256 \ |
| 128 -out ../certificates/sha256.pem | 128 -out ../certificates/sha256.pem |
| 129 | 129 |
| 130 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing | 130 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing |
| 131 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ | 131 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ |
| 132 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 132 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 133 -out ../certificates/spdy_pooling.pem | 133 -out ../certificates/spdy_pooling.pem |
| 134 | 134 |
| 135 ## Self-signed cert for general SPDY testing |
| 136 try openssl req -x509 -days 3650 -extensions req_spdy \ |
| 137 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 138 -out ../certificates/spdy.pem |
| 139 |
| 135 ## SubjectAltName parsing | 140 ## SubjectAltName parsing |
| 136 try openssl req -x509 -days 3650 -extensions req_san_sanity \ | 141 try openssl req -x509 -days 3650 -extensions req_san_sanity \ |
| 137 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 142 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 138 -out ../certificates/subjectAltName_sanity_check.pem | 143 -out ../certificates/subjectAltName_sanity_check.pem |
| 139 | 144 |
| 140 ## Punycode handling | 145 ## Punycode handling |
| 141 SUBJECT_NAME="req_punycode_dn" \ | 146 SUBJECT_NAME="req_punycode_dn" \ |
| 142 try openssl req -x509 -days 3650 -extensions req_punycode \ | 147 try openssl req -x509 -days 3650 -extensions req_punycode \ |
| 143 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 148 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 144 -out ../certificates/punycodetest.pem | 149 -out ../certificates/punycodetest.pem |
| (...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 299 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued | 304 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued |
| 300 ## from an intermediate CA issued underneath a root. | 305 ## from an intermediate CA issued underneath a root. |
| 301 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ | 306 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ |
| 302 <<CRLSETBYINTERMEDIATESERIAL | 307 <<CRLSETBYINTERMEDIATESERIAL |
| 303 { | 308 { |
| 304 "BlockedByHash": { | 309 "BlockedByHash": { |
| 305 "../certificates/quic_intermediate.crt": [3] | 310 "../certificates/quic_intermediate.crt": [3] |
| 306 } | 311 } |
| 307 } | 312 } |
| 308 CRLSETBYINTERMEDIATESERIAL | 313 CRLSETBYINTERMEDIATESERIAL |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1074193003:
Verify alternative server certificate validity for origin. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master