| OLD | NEW |
|---|
| 1 #!/bin/sh | 1 #!/bin/sh |
| 2 | 2 |
| 3 # Copyright 2013 The Chromium Authors. All rights reserved. | 3 # Copyright 2013 The Chromium Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # This script generates a set of test (end-entity, intermediate, root) | 7 # This script generates a set of test (end-entity, intermediate, root) |
| 8 # certificates that can be used to test fetching of an intermediate via AIA. | 8 # certificates that can be used to test fetching of an intermediate via AIA. |
| 9 | 9 |
| 10 try() { | 10 try() { |
| (...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 143 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 143 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 144 -out ../certificates/punycodetest.pem | 144 -out ../certificates/punycodetest.pem |
| 145 | 145 |
| 146 ## Reject intranet hostnames in "publicly" trusted certs | 146 ## Reject intranet hostnames in "publicly" trusted certs |
| 147 # 365 * 3 = 1095 | 147 # 365 * 3 = 1095 |
| 148 SUBJECT_NAME="req_dn" \ | 148 SUBJECT_NAME="req_dn" \ |
| 149 try openssl req -x509 -days 1095 \ | 149 try openssl req -x509 -days 1095 \ |
| 150 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 150 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 151 -out ../certificates/reject_intranet_hosts.pem | 151 -out ../certificates/reject_intranet_hosts.pem |
| 152 | 152 |
| 153 ## Leaf certificate with a large key; Apple's certificate verifier rejects with |
| 154 ## a fatal error if the key is bigger than 4096 bits. |
| 155 try openssl req -x509 -days 3650 \ |
| 156 -config ../scripts/ee.cnf -newkey rsa:4104 -text \ |
| 157 -sha256 \ |
| 158 -out ../certificates/large_key.pem |
| 159 |
| 153 ## Validity too long unit test support. | 160 ## Validity too long unit test support. |
| 154 try openssl req -config ../scripts/ee.cnf \ | 161 try openssl req -config ../scripts/ee.cnf \ |
| 155 -newkey rsa:2048 -text -out ../certificates/10_year_validity.req | 162 -newkey rsa:2048 -text -out ../certificates/10_year_validity.req |
| 156 CA_COMMON_NAME="Test Root CA" \ | 163 CA_COMMON_NAME="Test Root CA" \ |
| 157 try openssl ca \ | 164 try openssl ca \ |
| 158 -batch \ | 165 -batch \ |
| 159 -extensions user_cert \ | 166 -extensions user_cert \ |
| 160 -startdate 081030000000Z \ | 167 -startdate 081030000000Z \ |
| 161 -enddate 181029000000Z \ | 168 -enddate 181029000000Z \ |
| 162 -in ../certificates/10_year_validity.req \ | 169 -in ../certificates/10_year_validity.req \ |
| (...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 299 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued | 306 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued |
| 300 ## from an intermediate CA issued underneath a root. | 307 ## from an intermediate CA issued underneath a root. |
| 301 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ | 308 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ |
| 302 <<CRLSETBYINTERMEDIATESERIAL | 309 <<CRLSETBYINTERMEDIATESERIAL |
| 303 { | 310 { |
| 304 "BlockedByHash": { | 311 "BlockedByHash": { |
| 305 "../certificates/quic_intermediate.crt": [3] | 312 "../certificates/quic_intermediate.crt": [3] |
| 306 } | 313 } |
| 307 } | 314 } |
| 308 CRLSETBYINTERMEDIATESERIAL | 315 CRLSETBYINTERMEDIATESERIAL |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1094983002:
Account for the OS returning an empty certificate chain. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master