Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(594)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/ssl/scripts/generate-test-certs.sh

Issue 1554793002: Add a new test certificate for *.example.org as wildcard.pem (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix README Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/data/ssl/scripts/ee.cnf ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/bin/sh 1 #!/bin/sh
2 2
3 # Copyright 2013 The Chromium Authors. All rights reserved. 3 # Copyright 2013 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be 4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file. 5 # found in the LICENSE file.
6 6
7 # This script generates a set of test (end-entity, intermediate, root) 7 # This script generates a set of test (end-entity, intermediate, root)
8 # certificates that can be used to test fetching of an intermediate via AIA. 8 # certificates that can be used to test fetching of an intermediate via AIA.
9 9
10 try() { 10 try() {
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
43 -keyout out/expired_cert.key \ 43 -keyout out/expired_cert.key \
44 -out out/expired_cert.req \ 44 -out out/expired_cert.req \
45 -config ee.cnf 45 -config ee.cnf
46 46
47 try openssl req \ 47 try openssl req \
48 -new \ 48 -new \
49 -keyout out/ok_cert.key \ 49 -keyout out/ok_cert.key \
50 -out out/ok_cert.req \ 50 -out out/ok_cert.req \
51 -config ee.cnf 51 -config ee.cnf
52 52
53 try openssl req \
54 -new \
55 -keyout out/wildcard.key \
56 -out out/wildcard.req \
57 -reqexts req_wildcard \
58 -config ee.cnf
59
53 SUBJECT_NAME=req_localhost_cn \ 60 SUBJECT_NAME=req_localhost_cn \
54 try openssl req \ 61 try openssl req \
55 -new \ 62 -new \
56 -keyout out/localhost_cert.key \ 63 -keyout out/localhost_cert.key \
57 -out out/localhost_cert.req \ 64 -out out/localhost_cert.req \
58 -reqexts req_localhost_san \ 65 -reqexts req_localhost_san \
59 -config ee.cnf 66 -config ee.cnf
60 67
61 # Generate the leaf certificates 68 # Generate the leaf certificates
62 CA_COMMON_NAME="Test Root CA" \ 69 CA_COMMON_NAME="Test Root CA" \
(...skipping 11 matching lines...) Expand all
74 -batch \ 81 -batch \
75 -extensions user_cert \ 82 -extensions user_cert \
76 -days 3650 \ 83 -days 3650 \
77 -in out/ok_cert.req \ 84 -in out/ok_cert.req \
78 -out out/ok_cert.pem \ 85 -out out/ok_cert.pem \
79 -config ca.cnf 86 -config ca.cnf
80 87
81 CA_COMMON_NAME="Test Root CA" \ 88 CA_COMMON_NAME="Test Root CA" \
82 try openssl ca \ 89 try openssl ca \
83 -batch \ 90 -batch \
91 -extensions user_cert \
92 -days 3650 \
93 -in out/wildcard.req \
94 -out out/wildcard.pem \
95 -config ca.cnf
96
97 CA_COMMON_NAME="Test Root CA" \
98 try openssl ca \
99 -batch \
84 -extensions name_constraint_bad \ 100 -extensions name_constraint_bad \
85 -subj "/CN=Leaf certificate/" \ 101 -subj "/CN=Leaf certificate/" \
86 -days 3650 \ 102 -days 3650 \
87 -in out/ok_cert.req \ 103 -in out/ok_cert.req \
88 -out out/name_constraint_bad.pem \ 104 -out out/name_constraint_bad.pem \
89 -config ca.cnf 105 -config ca.cnf
90 106
91 CA_COMMON_NAME="Test Root CA" \ 107 CA_COMMON_NAME="Test Root CA" \
92 try openssl ca \ 108 try openssl ca \
93 -batch \ 109 -batch \
(...skipping 19 matching lines...) Expand all
113 -extensions user_cert \ 129 -extensions user_cert \
114 -subj "/CN=Leaf Certificate/" \ 130 -subj "/CN=Leaf Certificate/" \
115 -startdate 00010101000000Z \ 131 -startdate 00010101000000Z \
116 -enddate 00010101000000Z \ 132 -enddate 00010101000000Z \
117 -in out/ok_cert.req \ 133 -in out/ok_cert.req \
118 -out out/bad_validity.pem \ 134 -out out/bad_validity.pem \
119 -config ca.cnf 135 -config ca.cnf
120 136
121 try /bin/sh -c "cat out/ok_cert.key out/ok_cert.pem \ 137 try /bin/sh -c "cat out/ok_cert.key out/ok_cert.pem \
122 > ../certificates/ok_cert.pem" 138 > ../certificates/ok_cert.pem"
139 try /bin/sh -c "cat out/wildcard.key out/wildcard.pem \
140 > ../certificates/wildcard.pem"
123 try /bin/sh -c "cat out/localhost_cert.key out/localhost_cert.pem \ 141 try /bin/sh -c "cat out/localhost_cert.key out/localhost_cert.pem \
124 > ../certificates/localhost_cert.pem" 142 > ../certificates/localhost_cert.pem"
125 try /bin/sh -c "cat out/expired_cert.key out/expired_cert.pem \ 143 try /bin/sh -c "cat out/expired_cert.key out/expired_cert.pem \
126 > ../certificates/expired_cert.pem" 144 > ../certificates/expired_cert.pem"
127 try /bin/sh -c "cat out/2048-sha256-root.key out/2048-sha256-root.pem \ 145 try /bin/sh -c "cat out/2048-sha256-root.key out/2048-sha256-root.pem \
128 > ../certificates/root_ca_cert.pem" 146 > ../certificates/root_ca_cert.pem"
129 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_bad.pem \ 147 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_bad.pem \
130 > ../certificates/name_constraint_bad.pem" 148 > ../certificates/name_constraint_bad.pem"
131 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_good.pem \ 149 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_good.pem \
132 > ../certificates/name_constraint_good.pem" 150 > ../certificates/name_constraint_good.pem"
(...skipping 225 matching lines...) Expand 10 before | Expand all | Expand 10 after
358 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued 376 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued
359 ## from an intermediate CA issued underneath a root. 377 ## from an intermediate CA issued underneath a root.
360 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ 378 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \
361 <<CRLSETBYINTERMEDIATESERIAL 379 <<CRLSETBYINTERMEDIATESERIAL
362 { 380 {
363 "BlockedByHash": { 381 "BlockedByHash": {
364 "../certificates/quic_intermediate.crt": [3] 382 "../certificates/quic_intermediate.crt": [3]
365 } 383 }
366 } 384 }
367 CRLSETBYINTERMEDIATESERIAL 385 CRLSETBYINTERMEDIATESERIAL
OLDNEW
« no previous file with comments | « net/data/ssl/scripts/ee.cnf ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698