Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(181)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/ssl/scripts/generate-test-certs.sh

Issue 1223233002: Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Minor Changes: Removing test code Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/ssl/ssl_error_handler_unittest.cc ('K') | « net/data/ssl/scripts/ee.cnf ('k') | net/test/spawned_test_server/base_test_server.h » ('j') | net/test/spawned_test_server/base_test_server.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/bin/sh 1 #!/bin/sh
2 2
3 # Copyright 2013 The Chromium Authors. All rights reserved. 3 # Copyright 2013 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be 4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file. 5 # found in the LICENSE file.
6 6
7 # This script generates a set of test (end-entity, intermediate, root) 7 # This script generates a set of test (end-entity, intermediate, root)
8 # certificates that can be used to test fetching of an intermediate via AIA. 8 # certificates that can be used to test fetching of an intermediate via AIA.
9 9
10 try() { 10 try() {
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
51 -config ee.cnf 51 -config ee.cnf
52 52
53 SUBJECT_NAME=req_localhost_cn \ 53 SUBJECT_NAME=req_localhost_cn \
54 try openssl req \ 54 try openssl req \
55 -new \ 55 -new \
56 -keyout out/localhost_cert.key \ 56 -keyout out/localhost_cert.key \
57 -out out/localhost_cert.req \ 57 -out out/localhost_cert.req \
58 -reqexts req_localhost_san \ 58 -reqexts req_localhost_san \
59 -config ee.cnf 59 -config ee.cnf
60 60
61 SUBJECT_NAME=req_example_cn \
62 try openssl req \
63 -new \
64 -keyout out/example_cert.key \
65 -out out/example_cert.req \
66 -reqexts req_example_san \
67 -config ee.cnf
68
69 SUBJECT_NAME=req_www_example_cn \
70 try openssl req \
71 -new \
72 -keyout out/www_example_cert.key \
73 -out out/www_example_cert.req \
74 -reqexts req_www_example_san \
75 -config ee.cnf
76
61 # Generate the leaf certificates 77 # Generate the leaf certificates
62 CA_COMMON_NAME="Test Root CA" \ 78 CA_COMMON_NAME="Test Root CA" \
63 try openssl ca \ 79 try openssl ca \
64 -batch \ 80 -batch \
65 -extensions user_cert \ 81 -extensions user_cert \
66 -startdate 060101000000Z \ 82 -startdate 060101000000Z \
67 -enddate 070101000000Z \ 83 -enddate 070101000000Z \
68 -in out/expired_cert.req \ 84 -in out/expired_cert.req \
69 -out out/expired_cert.pem \ 85 -out out/expired_cert.pem \
70 -config ca.cnf 86 -config ca.cnf
(...skipping 29 matching lines...) Expand all
100 116
101 CA_COMMON_NAME="Test Root CA" \ 117 CA_COMMON_NAME="Test Root CA" \
102 try openssl ca \ 118 try openssl ca \
103 -batch \ 119 -batch \
104 -extensions user_cert \ 120 -extensions user_cert \
105 -days 3650 \ 121 -days 3650 \
106 -in out/localhost_cert.req \ 122 -in out/localhost_cert.req \
107 -out out/localhost_cert.pem \ 123 -out out/localhost_cert.pem \
108 -config ca.cnf 124 -config ca.cnf
109 125
126 CA_COMMON_NAME="Test Root CA" \
127 try openssl ca \
128 -batch \
129 -extensions user_cert \
130 -days 3650 \
131 -in out/example_cert.req \
132 -out out/example_cert.pem \
133 -config ca.cnf
134
135 CA_COMMON_NAME="Test Root CA" \
136 try openssl ca \
137 -batch \
138 -extensions user_cert \
139 -days 3650 \
140 -in out/www_example_cert.req \
141 -out out/www_example_cert.pem \
142 -config ca.cnf
143
110 try /bin/sh -c "cat out/ok_cert.key out/ok_cert.pem \ 144 try /bin/sh -c "cat out/ok_cert.key out/ok_cert.pem \
111 > ../certificates/ok_cert.pem" 145 > ../certificates/ok_cert.pem"
112 try /bin/sh -c "cat out/localhost_cert.key out/localhost_cert.pem \ 146 try /bin/sh -c "cat out/localhost_cert.key out/localhost_cert.pem \
113 > ../certificates/localhost_cert.pem" 147 > ../certificates/localhost_cert.pem"
114 try /bin/sh -c "cat out/expired_cert.key out/expired_cert.pem \ 148 try /bin/sh -c "cat out/expired_cert.key out/expired_cert.pem \
115 > ../certificates/expired_cert.pem" 149 > ../certificates/expired_cert.pem"
116 try /bin/sh -c "cat out/2048-sha256-root.key out/2048-sha256-root.pem \ 150 try /bin/sh -c "cat out/2048-sha256-root.key out/2048-sha256-root.pem \
117 > ../certificates/root_ca_cert.pem" 151 > ../certificates/root_ca_cert.pem"
118 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_bad.pem \ 152 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_bad.pem \
119 > ../certificates/name_constraint_bad.pem" 153 > ../certificates/name_constraint_bad.pem"
120 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_good.pem \ 154 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_good.pem \
121 > ../certificates/name_constraint_good.pem" 155 > ../certificates/name_constraint_good.pem"
156 try /bin/sh -c "cat out/example_cert.key out/example_cert.pem \
157 > ../certificates/example_cert.pem"
158 try /bin/sh -c "cat out/www_example_cert.key out/www_example_cert.pem \
159 > ../certificates/www_example_cert.pem"
122 160
123 # Now generate the one-off certs 161 # Now generate the one-off certs
124 ## SHA-256 general test cert 162 ## SHA-256 general test cert
125 try openssl req -x509 -days 3650 \ 163 try openssl req -x509 -days 3650 \
126 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ 164 -config ../scripts/ee.cnf -newkey rsa:2048 -text \
127 -sha256 \ 165 -sha256 \
128 -out ../certificates/sha256.pem 166 -out ../certificates/sha256.pem
129 167
130 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing 168 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing
131 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ 169 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \
(...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after
306 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued 344 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued
307 ## from an intermediate CA issued underneath a root. 345 ## from an intermediate CA issued underneath a root.
308 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ 346 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \
309 <<CRLSETBYINTERMEDIATESERIAL 347 <<CRLSETBYINTERMEDIATESERIAL
310 { 348 {
311 "BlockedByHash": { 349 "BlockedByHash": {
312 "../certificates/quic_intermediate.crt": [3] 350 "../certificates/quic_intermediate.crt": [3]
313 } 351 }
314 } 352 }
315 CRLSETBYINTERMEDIATESERIAL 353 CRLSETBYINTERMEDIATESERIAL
OLDNEW
« chrome/browser/ssl/ssl_error_handler_unittest.cc ('K') | « net/data/ssl/scripts/ee.cnf ('k') | net/test/spawned_test_server/base_test_server.h » ('j') | net/test/spawned_test_server/base_test_server.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698