Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(13)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/tools/quic/certs/ca.cnf

Issue 1366693003: Remove name constraints from QUIC test leaf cert. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/tools/quic/certs/leaf.cnf » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # Defaults in the event they're not set in the environment 1 # Defaults in the event they're not set in the environment
2 CA_DIR = out 2 CA_DIR = out
3 KEY_SIZE = 2048 3 KEY_SIZE = 2048
4 ALGO = sha256 4 ALGO = sha256
5 CERT_TYPE = root 5 CERT_TYPE = root
6 CA_NAME = req_env_dn 6 CA_NAME = req_env_dn
7 7
8 [ca] 8 [ca]
9 default_ca = CA_root 9 default_ca = CA_root
10 preserve = yes 10 preserve = yes
(...skipping 18 matching lines...) Expand all
29 unique_subject = no 29 unique_subject = no
30 copy_extensions = copy 30 copy_extensions = copy
31 31
32 [user_cert] 32 [user_cert]
33 # Extensions to add when signing a request for an EE cert 33 # Extensions to add when signing a request for an EE cert
34 basicConstraints = critical, CA:false 34 basicConstraints = critical, CA:false
35 subjectKeyIdentifier = hash 35 subjectKeyIdentifier = hash
36 authorityKeyIdentifier = keyid:always 36 authorityKeyIdentifier = keyid:always
37 extendedKeyUsage = serverAuth,clientAuth 37 extendedKeyUsage = serverAuth,clientAuth
38 38
39 [name_constraint_bad]
40 # A leaf cert that will violate the root's imposed name constraints
41 basicConstraints = critical, CA:false
42 subjectKeyIdentifier = hash
43 authorityKeyIdentifier = keyid:always
44 extendedKeyUsage = serverAuth,clientAuth
45 subjectAltName = @san_name_constraint_bad
46
47 [ca_cert] 39 [ca_cert]
48 # Extensions to add when signing a request for an intermediate/CA cert 40 # Extensions to add when signing a request for an intermediate/CA cert
49 basicConstraints = critical, CA:true 41 basicConstraints = critical, CA:true
50 subjectKeyIdentifier = hash 42 subjectKeyIdentifier = hash
51 #authorityKeyIdentifier = keyid:always
52 keyUsage = critical, keyCertSign, cRLSign 43 keyUsage = critical, keyCertSign, cRLSign
53 nameConstraints = permitted;DNS:mail.example.com
54 nameConstraints = permitted;DNS:mail.example.org
55 nameConstraints = permitted;DNS:www.example.com
56 44
57 [crl_extensions] 45 [crl_extensions]
58 # Extensions to add when signing a CRL 46 # Extensions to add when signing a CRL
59 authorityKeyIdentifier = keyid:always 47 authorityKeyIdentifier = keyid:always
60 48
61 [policy_anything] 49 [policy_anything]
62 # Default signing policy 50 # Default signing policy
63 countryName = optional 51 countryName = optional
64 stateOrProvinceName = optional 52 stateOrProvinceName = optional
65 localityName = optional 53 localityName = optional
(...skipping 15 matching lines...) Expand all
81 distinguished_name = $ENV::CA_NAME 69 distinguished_name = $ENV::CA_NAME
82 x509_extensions = req_ca_exts 70 x509_extensions = req_ca_exts
83 71
84 [req_env_dn] 72 [req_env_dn]
85 CN = QUIC Server Root CA 73 CN = QUIC Server Root CA
86 74
87 [req_ca_exts] 75 [req_ca_exts]
88 basicConstraints = critical, CA:true 76 basicConstraints = critical, CA:true
89 keyUsage = critical, keyCertSign, cRLSign 77 keyUsage = critical, keyCertSign, cRLSign
90 subjectKeyIdentifier = hash 78 subjectKeyIdentifier = hash
OLDNEW
« no previous file with comments | « no previous file | net/tools/quic/certs/leaf.cnf » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698