net/tools/quic/certs/ca.cnf - Issue 1330223003: Add scripts for generating certs to be used with the quic_server

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/tools/quic/certs/ca.cnf

Issue 1330223003: Add scripts for generating certs to be used with the quic_server (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Add nameConstraints and 3 day expiration Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/tools/quic/certs/ca.cnf

diff --git a/net/data/ssl/scripts/ca.cnf b/net/tools/quic/certs/ca.cnf

similarity index 79%

copy from net/data/ssl/scripts/ca.cnf

copy to net/tools/quic/certs/ca.cnf

index 1b78e01985e3f332c890c7c1f90ad34c92373677..da0e416af5c6e4a6dd3d32c4586c48f2f9cf3ad0 100644

--- a/net/data/ssl/scripts/ca.cnf

+++ b/net/tools/quic/certs/ca.cnf

@@ -44,28 +44,15 @@ authorityKeyIdentifier = keyid:always

extendedKeyUsage = serverAuth,clientAuth

subjectAltName = @san_name_constraint_bad

-[name_constraint_good]

-# A leaf cert that will match the root's imposed name constraints

-basicConstraints = critical, CA:false

-subjectKeyIdentifier = hash

-authorityKeyIdentifier = keyid:always

-extendedKeyUsage = serverAuth,clientAuth

-subjectAltName = @san_name_constraint_good

-[san_name_constraint_bad]

-DNS.1 = test.ExAmPlE.CoM

-DNS.2 = test.ExAmPlE.OrG

-[san_name_constraint_good]

-DNS.1 = test.ExAmPlE.CoM

-DNS.2 = example.notarealtld

[ca_cert]

# Extensions to add when signing a request for an intermediate/CA cert

basicConstraints = critical, CA:true

subjectKeyIdentifier = hash

#authorityKeyIdentifier = keyid:always

keyUsage = critical, keyCertSign, cRLSign

+nameConstraints = permitted;DNS:mail.example.com

+nameConstraints = permitted;DNS:mail.example.org

+nameConstraints = permitted;DNS:www.example.com

[crl_extensions]

# Extensions to add when signing a CRL

@@ -94,22 +81,8 @@ encrypt_key = no

distinguished_name = $ENV::CA_NAME

x509_extensions = req_ca_exts

-[req_ca_dn]

-C = US

-ST = California

-L = Mountain View

-O = Test CA

-CN = Test Root CA

-[req_intermediate_dn]

-C = US

-ST = California

-L = Mountain View

-O = Test CA

-CN = Test Intermediate CA

[req_env_dn]

-CN = $ENV::CA_COMMON_NAME

+CN = QUIC Server Root CA

[req_ca_exts]

basicConstraints = critical, CA:true

« no previous file with comments | « no previous file | net/tools/quic/certs/generate-certs.sh » ('j') | net/tools/quic/certs/generate-certs.sh » ('J')