| OLD | NEW |
| 1 #!/bin/sh | 1 #!/bin/sh |
| 2 | 2 |
| 3 # Copyright 2013 The Chromium Authors. All rights reserved. | 3 # Copyright 2013 The Chromium Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # This script generates a set of test (end-entity, intermediate, root) | 7 # This script generates a set of test (end-entity, intermediate, root) |
| 8 # certificates that can be used to test fetching of an intermediate via AIA. | 8 # certificates that can be used to test fetching of an intermediate via AIA. |
| 9 | 9 |
| 10 try() { | 10 try() { |
| (...skipping 146 matching lines...) |
| 157 -out ../certificates/punycodetest.pem | 157 -out ../certificates/punycodetest.pem |
| 158 | 158 |
| 159 ## Reject intranet hostnames in "publicly" trusted certs | 159 ## Reject intranet hostnames in "publicly" trusted certs |
| 160 # 365 * 3 = 1095 | 160 # 365 * 3 = 1095 |
| 161 SUBJECT_NAME="req_dn" \ | 161 SUBJECT_NAME="req_dn" \ |
| 162 try openssl req -x509 -days 1095 \ | 162 try openssl req -x509 -days 1095 \ |
| 163 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 163 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 164 -out ../certificates/reject_intranet_hosts.pem | 164 -out ../certificates/reject_intranet_hosts.pem |
| 165 | 165 |
| 166 ## Leaf certificate with a large key; Apple's certificate verifier rejects with | 166 ## Leaf certificate with a large key; Apple's certificate verifier rejects with |
| 167 ## a fatal error if the key is bigger than 4096 bits. | 167 ## a fatal error if the key is bigger than 8192 bits. |
| 168 try openssl req -x509 -days 3650 \ | 168 try openssl req -x509 -days 3650 \ |
| 169 -config ../scripts/ee.cnf -newkey rsa:4104 -text \ | 169 -config ../scripts/ee.cnf -newkey rsa:8200 -text \ |
| 170 -sha256 \ | 170 -sha256 \ |
| 171 -out ../certificates/large_key.pem | 171 -out ../certificates/large_key.pem |
| 172 | 172 |
| 173 ## SHA1 certificate expiring in 2016. | 173 ## SHA1 certificate expiring in 2016. |
| 174 try openssl req -config ../scripts/ee.cnf -sha1 \ | 174 try openssl req -config ../scripts/ee.cnf -sha1 \ |
| 175 -newkey rsa:2048 -text -out out/sha1_2016.req | 175 -newkey rsa:2048 -text -out out/sha1_2016.req |
| 176 CA_COMMON_NAME="Test Root CA" \ | 176 CA_COMMON_NAME="Test Root CA" \ |
| 177 try openssl ca \ | 177 try openssl ca \ |
| 178 -batch \ | 178 -batch \ |
| 179 -extensions user_cert \ | 179 -extensions user_cert \ |
| (...skipping 178 matching lines...) |
| 358 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued | 358 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued |
| 359 ## from an intermediate CA issued underneath a root. | 359 ## from an intermediate CA issued underneath a root. |
| 360 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ | 360 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ |
| 361 <<CRLSETBYINTERMEDIATESERIAL | 361 <<CRLSETBYINTERMEDIATESERIAL |
| 362 { | 362 { |
| 363 "BlockedByHash": { | 363 "BlockedByHash": { |
| 364 "../certificates/quic_intermediate.crt": [3] | 364 "../certificates/quic_intermediate.crt": [3] |
| 365 } | 365 } |
| 366 } | 366 } |
| 367 CRLSETBYINTERMEDIATESERIAL | 367 CRLSETBYINTERMEDIATESERIAL |
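Review bot: The comment on new lines 166-167 states the 8192-bit limit without saying which verifier release it applies to or why `rsa:8200` was chosen on line 169. The old text named 4096 bits, so the limit presumably differs between OS releases. I would record the reasoning next to the command, for example `## rsa:8200 is deliberately just above the 8192-bit limit; verifiers that still cap at 4096 bits reject it too.` The checked-in `../certificates/large_key.pem` presumably has to be regenerated and committed with this change. Any test that expects the fatal error for this certificate should be confirmed on each supported platform, since neither the certificate nor the tests are visible in this section.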
| OLD | NEW |