
Unified Diff: tests/standalone/io/create_sample_certificates.sh

Issue 1420923006: Add unique serial numbers to sample X509 certificates. Remove the "sendClientCertificate" parameter… (Closed) Base URL: git@github.com:dart-lang/sdk.git@master
Patch Set: Delete all certificate signing private keys, so testers aren't vulnerable. Created 5 years, 2 months ago
Index: tests/standalone/io/create_sample_certificates.sh
diff --git a/tests/standalone/io/create_sample_certificates.sh b/tests/standalone/io/create_sample_certificates.sh
index eaa62f02a4f526770ce53ed471cfcda8a37cb4be..7ab6f75fb0d4d5eb8a8631da7535900529f73449 100755
--- a/tests/standalone/io/create_sample_certificates.sh
+++ b/tests/standalone/io/create_sample_certificates.sh
@@ -34,7 +34,7 @@ openssl req -subj /CN=intermediateauthority -batch -verbose \
# Sign the certificate of the intermediate authority with the root authority.
# Add the certificate extensions marking it as a certificate authority.
openssl x509 -req -in intermediate_authority_request.pem \
- -out intermediate_authority.pem -set_serial 1 \
+ -out intermediate_authority.pem -set_serial 2 \
-CA root_authority.pem -CAkey root_authority_key.pem \
-passin $password -extfile ../sample_certificate_v3_extensions \
-extensions intermediate_authority -days 3650
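Review bot: The hand-picked value in "-set_serial 2" has no comment saying which certificate issued by root_authority.pem holds serial 1, so the next person to add a certificate under this CA has to rediscover the numbering. Serial numbers only need to be unique per issuer. Either add a one-line comment above this command listing the serials already used under root_authority.pem, or let openssl track them with -CAserial and -CAcreateserial so a collision cannot be introduced by a copy-and-paste edit. Separately, "-passin $password" on the context line is unquoted and should be written as "$password".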
@@ -63,15 +63,23 @@ openssl req -subj /CN=user2 -batch -verbose -passout $password -new \
-keyout client2_key.pem -out client2_request.pem
# Sign the certificate requests with the client authority
-openssl x509 -req -in client1_request.pem -out client1.pem -set_serial 1 \
+openssl x509 -req -in client1_request.pem -out client1.pem -set_serial 2 \
-CA client_authority.pem -CAkey client_authority_key.pem \
-passin $password -extfile ../sample_certificate_v3_extensions \
-extensions client_certificate -days 3650
-openssl x509 -req -in client2_request.pem -out client2.pem -set_serial 1 \
+openssl x509 -req -in client2_request.pem -out client2.pem -set_serial 3 \
-CA client_authority.pem -CAkey client_authority_key.pem \
-passin $password -extfile ../sample_certificate_v3_extensions \
-extensions client_certificate -days 3650
+# Delete all the signing keys for the authorities, so testers that add
+# them as trusted are less vulnerable: only the sample server certificate
+# and client certificates will be signed by them. No more certificates
+# will ever be signed.
+rm root_authority_key.pem
+rm intermediate_authority.pem
+rm client_authority_key.pem
+
# Copy the certificates we will use to the 'certificates' directory.
CERTS=../certificates
cat localhost.pem intermediate_authority.pem root_authority.pem \
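Review bot: "rm intermediate_authority.pem" deletes the intermediate authority's certificate rather than its signing key, which contradicts the comment above it and breaks the "cat localhost.pem intermediate_authority.pem root_authority.pem" line that follows, since that file no longer exists when the chain is assembled. It also leaves the intermediate key on disk, so the stated goal (no more certificates can ever be signed by these authorities) is not met for the authority that signs the server certificate. Going by the naming of the other two rm lines, the intended target is presumably the intermediate authority's key file (likely intermediate_authority_key.pem, which is not visible in this hunk); please confirm the name against the earlier openssl req command and change the rm accordingly. With the script as written, a failing cat may go unnoticed unless the script runs with set -e, so it is worth checking that the generated chain file actually contains three certificates after the fix.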
