Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(150)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/tools/quic/certs/ca.cnf

Issue 1330223003: Add scripts for generating certs to be used with the quic_server (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/tools/quic/certs/generate-certs.sh » ('j') | net/tools/quic/certs/generate-certs.sh » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # Defaults in the event they're not set in the environment 1 # Defaults in the event they're not set in the environment
2 CA_DIR = out 2 CA_DIR = out
3 KEY_SIZE = 2048 3 KEY_SIZE = 2048
4 ALGO = sha256 4 ALGO = sha256
5 CERT_TYPE = root 5 CERT_TYPE = root
6 CA_NAME = req_env_dn 6 CA_NAME = req_env_dn
7 7
8 [ca] 8 [ca]
9 default_ca = CA_root 9 default_ca = CA_root
10 preserve = yes 10 preserve = yes
(...skipping 26 matching lines...) Expand all
37 extendedKeyUsage = serverAuth,clientAuth 37 extendedKeyUsage = serverAuth,clientAuth
38 38
39 [name_constraint_bad] 39 [name_constraint_bad]
40 # A leaf cert that will violate the root's imposed name constraints 40 # A leaf cert that will violate the root's imposed name constraints
41 basicConstraints = critical, CA:false 41 basicConstraints = critical, CA:false
42 subjectKeyIdentifier = hash 42 subjectKeyIdentifier = hash
43 authorityKeyIdentifier = keyid:always 43 authorityKeyIdentifier = keyid:always
44 extendedKeyUsage = serverAuth,clientAuth 44 extendedKeyUsage = serverAuth,clientAuth
45 subjectAltName = @san_name_constraint_bad 45 subjectAltName = @san_name_constraint_bad
46 46
47 [name_constraint_good]
48 # A leaf cert that will match the root's imposed name constraints
49 basicConstraints = critical, CA:false
50 subjectKeyIdentifier = hash
51 authorityKeyIdentifier = keyid:always
52 extendedKeyUsage = serverAuth,clientAuth
53 subjectAltName = @san_name_constraint_good
54
55 [san_name_constraint_bad]
56 DNS.1 = test.ExAmPlE.CoM
57 DNS.2 = test.ExAmPlE.OrG
58
59 [san_name_constraint_good]
60 DNS.1 = test.ExAmPlE.CoM
61 DNS.2 = example.notarealtld
62
63 [ca_cert] 47 [ca_cert]
64 # Extensions to add when signing a request for an intermediate/CA cert 48 # Extensions to add when signing a request for an intermediate/CA cert
65 basicConstraints = critical, CA:true 49 basicConstraints = critical, CA:true
66 subjectKeyIdentifier = hash 50 subjectKeyIdentifier = hash
67 #authorityKeyIdentifier = keyid:always 51 #authorityKeyIdentifier = keyid:always
68 keyUsage = critical, keyCertSign, cRLSign 52 keyUsage = critical, keyCertSign, cRLSign
69 53
70 [crl_extensions] 54 [crl_extensions]
71 # Extensions to add when signing a CRL 55 # Extensions to add when signing a CRL
72 authorityKeyIdentifier = keyid:always 56 authorityKeyIdentifier = keyid:always
(...skipping 14 matching lines...) Expand all
87 # than the root CA, see README to find the appropriate configuration file 71 # than the root CA, see README to find the appropriate configuration file
88 # (ie: openssl_cert.cnf). 72 # (ie: openssl_cert.cnf).
89 default_bits = $ENV::KEY_SIZE 73 default_bits = $ENV::KEY_SIZE
90 default_md = sha256 74 default_md = sha256
91 string_mask = utf8only 75 string_mask = utf8only
92 prompt = no 76 prompt = no
93 encrypt_key = no 77 encrypt_key = no
94 distinguished_name = $ENV::CA_NAME 78 distinguished_name = $ENV::CA_NAME
95 x509_extensions = req_ca_exts 79 x509_extensions = req_ca_exts
96 80
97 [req_ca_dn]
98 C = US
99 ST = California
100 L = Mountain View
101 O = Test CA
102 CN = Test Root CA
103
104 [req_intermediate_dn]
105 C = US
106 ST = California
107 L = Mountain View
108 O = Test CA
109 CN = Test Intermediate CA
110
111 [req_env_dn] 81 [req_env_dn]
112 CN = $ENV::CA_COMMON_NAME 82 CN = QUIC Server Root CA
113 83
114 [req_ca_exts] 84 [req_ca_exts]
115 basicConstraints = critical, CA:true 85 basicConstraints = critical, CA:true
116 keyUsage = critical, keyCertSign, cRLSign 86 keyUsage = critical, keyCertSign, cRLSign
117 subjectKeyIdentifier = hash 87 subjectKeyIdentifier = hash
OLDNEW
« no previous file with comments | « no previous file | net/tools/quic/certs/generate-certs.sh » ('j') | net/tools/quic/certs/generate-certs.sh » ('J')

Powered by Google App Engine
This is Rietveld 408576698