| Index: net/data/ssl/scripts/generate-multi-root-test-chains.sh
|
| diff --git a/net/data/ssl/scripts/generate-multi-root-test-chains.sh b/net/data/ssl/scripts/generate-multi-root-test-chains.sh
|
| index 8f1b4e470b6df6cd480fa54f06ddc65db6dac62d..5de08df84cdb4b7b0b948242d882089141a3833c 100755
|
| --- a/net/data/ssl/scripts/generate-multi-root-test-chains.sh
|
| +++ b/net/data/ssl/scripts/generate-multi-root-test-chains.sh
|
| @@ -208,53 +208,20 @@
|
| cp out/E.pem ../certificates/multi-root-E-by-E.pem
|
|
|
| echo "Generating CRLSets"
|
| -# Block D and E by SPKI; invalidates all paths.
|
| -python crlsetutil.py -o ../certificates/multi-root-crlset-D-and-E.raw \
|
| -<<CRLSETDOCBLOCK
|
| -{
|
| - "BlockedBySPKI": [
|
| - "out/D.pem",
|
| - "out/E.pem"
|
| - ]
|
| -}
|
| -CRLSETDOCBLOCK
|
| -
|
| -# Block E by SPKI.
|
| -python crlsetutil.py -o ../certificates/multi-root-crlset-E.raw \
|
| -<<CRLSETDOCBLOCK
|
| -{
|
| - "BlockedBySPKI": [
|
| - "out/E.pem"
|
| - ]
|
| -}
|
| -CRLSETDOCBLOCK
|
| -
|
| -# Block C-by-D (serial number 0x1000) and F-by-E (serial number 0x1001) by
|
| -# way of serial number.
|
| -python crlsetutil.py -o ../certificates/multi-root-crlset-CD-and-FE.raw \
|
| -<<CRLSETDOCBLOCK
|
| +# Block C-by-E (serial number 0x1001) by way of serial number.
|
| +python crlsetutil.py -o ../certificates/multi-root-crlset-C-by-E.raw \
|
| +<<CRLSETBYSERIAL
|
| {
|
| "BlockedByHash": {
|
| - "out/D.pem": [4096],
|
| "out/E.pem": [4097]
|
| }
|
| }
|
| -CRLSETDOCBLOCK
|
| -
|
| -# Block C (all versions) by way of SPKI
|
| -python crlsetutil.py -o ../certificates/multi-root-crlset-C.raw \
|
| -<<CRLSETDOCBLOCK
|
| +CRLSETBYSERIAL
|
| +
|
| +# Block F (all versions) by way of SPKI
|
| +python crlsetutil.py -o ../certificates/multi-root-crlset-F.raw \
|
| +<<CRLSETBYSPKI
|
| {
|
| - "BlockedBySPKI": [ "out/C.pem" ]
|
| + "BlockedBySPKI": [ "out/F.pem" ]
|
| }
|
| -CRLSETDOCBLOCK
|
| -
|
| -# Block an unrelated/unissued serial (0x0FFF) to enable all paths.
|
| -python crlsetutil.py -o ../certificates/multi-root-crlset-unrelated.raw \
|
| -<<CRLSETDOCBLOCK
|
| -{
|
| - "BlockedByHash": {
|
| - "out/E.pem": [4095]
|
| - }
|
| -}
|
| -CRLSETDOCBLOCK
|
| +CRLSETBYSPKI
|
|
|
Chromium Code Reviews
Issue 1762923002:
Revert of Perform CRLSet evaluation during Path Building on NSS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master