Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(97)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/ssl/scripts/policy.cnf

Issue 18223006: Add script for generating certificates that require an explicit policy (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/data/ssl/scripts/generate-policy-certs.sh ('K') | « net/data/ssl/scripts/generate-policy-certs.sh ('k') | net/test/test_certificate_data.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 CA_DIR=out 1 CA_DIR=out
2 CA_NAME=aia-test-root 2 CA_NAME=policy-root
3 AIA_URL=http://aia-test.invalid
4 3
5 [ca] 4 [ca]
6 default_ca = CA_root 5 default_ca = CA_root
7 preserve = yes 6 preserve = yes
8 7
9 [CA_root] 8 [CA_root]
10 dir = ${ENV::CA_DIR} 9 dir = ${ENV::CA_DIR}
11 key_size = 2048 10 key_size = 2048
12 algo = sha1 11 algo = sha1
13 database = $dir/${ENV::CA_NAME}-index.txt 12 database = $dir/${ENV::CA_NAME}-index.txt
14 new_certs_dir = $dir 13 new_certs_dir = $dir
15 serial = $dir/${ENV::CA_NAME}-serial 14 serial = $dir/${ENV::CA_NAME}-serial
16 certificate = $dir/${ENV::CA_NAME}.pem 15 certificate = $dir/${ENV::CA_NAME}.pem
17 private_key = $dir/${ENV::CA_NAME}.key 16 private_key = $dir/${ENV::CA_NAME}.key
18 RANDFILE = $dir/.rand 17 RANDFILE = $dir/.rand
19 default_days = 3650 18 default_days = 3650
20 default_crl_days = 30 19 default_crl_days = 30
21 default_md = sha1 20 default_md = sha1
22 policy = policy_anything 21 policy = policy_anything
23 unique_subject = no 22 unique_subject = no
24 copy_extensions = copy 23 copy_extensions = copy
25 24
26 [user_cert] 25 [user_cert]
27 basicConstraints = critical, CA:false 26 basicConstraints = critical, CA:false
28 extendedKeyUsage = serverAuth, clientAuth 27 extendedKeyUsage = serverAuth, clientAuth
29 authorityInfoAccess = caIssuers;URI:${ENV::AIA_URL} 28 certificatePolicies = 1.2.3.4
30 29
31 [ca_cert] 30 [ca_cert]
32 basicConstraints = critical, CA:true 31 basicConstraints = critical, CA:true
33 keyUsage = critical, keyCertSign, cRLSign 32 keyUsage = critical, digitalSignature, keyCertSign, cRLSign
33
34 [intermediate_cert]
35 basicConstraints = critical, CA:true
36 keyUsage = critical, digitalSignature, keyCertSign, cRLSign
37 policyConstraints = requireExplicitPolicy:0
38 certificatePolicies = 1.2.3.4, 1.2.3.4.5, 1.2.3.5
34 39
35 [policy_anything] 40 [policy_anything]
36 # Default signing policy 41 # Default signing policy
37 countryName = optional 42 countryName = optional
38 stateOrProvinceName = optional 43 stateOrProvinceName = optional
39 localityName = optional 44 localityName = optional
40 organizationName = optional 45 organizationName = optional
41 organizationalUnitName = optional 46 organizationalUnitName = optional
42 commonName = optional 47 commonName = optional
43 emailAddress = optional 48 emailAddress = optional
44 49
45 [req] 50 [req]
46 default_bits = 2048 51 default_bits = 2048
47 default_md = sha1 52 default_md = sha1
48 string_mask = utf8only 53 string_mask = utf8only
49 prompt = no 54 prompt = no
50 encrypt_key = no 55 encrypt_key = no
51 distinguished_name = req_env_dn 56 distinguished_name = req_env_dn
52 57
53 [req_env_dn] 58 [req_env_dn]
54 CN = ${ENV::CA_COMMON_NAME} 59 CN = ${ENV::CA_COMMON_NAME}
55 60
OLDNEW
« net/data/ssl/scripts/generate-policy-certs.sh ('K') | « net/data/ssl/scripts/generate-policy-certs.sh ('k') | net/test/test_certificate_data.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698