Chromium Code Reviews
Side by Side Diff: net/data/ssl/scripts/generate-bad-self-signed.sh

Issue 1988993002: Check self-signed certificate names and signatures (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Remove dependency on openssl -text format Created 4 years, 6 months ago
OLD: (Empty) | NEW:
1 #!/bin/bash
2
3 # Copyright 2016 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file.
6
7 # This script generates self-signed-invalid-name.pem and
8 # self-signed-invalid-sig.pem, which are "self-signed" test certificates with
9 # invalid names/signatures, respectively.
10 set -e
11
12 rm -rf out
13 mkdir out
14
15 openssl genrsa -out out/bad-self-signed.key 2048
16 touch out/bad-self-signed-index.txt
17
18 # Create two certificate requests with the same key, but different subjects
19 SUBJECT_NAME="req_self_signed_a" \
20 openssl req \
21 -new \
22 -key out/bad-self-signed.key \
23 -out out/ss-a.req \
24 -config ee.cnf
25
26 SUBJECT_NAME="req_self_signed_b" \
27 openssl req \
28 -new \
29 -key out/bad-self-signed.key \
30 -out out/ss-b.req \
31 -config ee.cnf
32
33 # Create a normal self-signed certificate from one of these requests
34 openssl x509 \
35 -req \
36 -in out/ss-a.req \
37 -out out/bad-self-signed-root-a.pem \
38 -signkey out/bad-self-signed.key \
39 -days 3650
40
41 # To invalidate the signature without changing names, replace two bytes from the
42 # end of the certificate with 0xdead.
43 openssl x509 -in out/bad-self-signed-root-a.pem -outform DER \
44 | head -c -2 \
45 > out/bad-sig.der.1
46 echo -n -e "\xde\xad" > out/bad-sig.der.2
47 cat out/bad-sig.der.1 out/bad-sig.der.2 \
48 | openssl x509 \
49 -inform DER \
50 -outform PEM \
51 -out out/cert-self-signed-invalid-sig.pem
52
53 openssl x509 \
54 -text \
55 -noout \
56 -in out/cert-self-signed-invalid-sig.pem \
57 > out/self-signed-invalid-sig.pem
58 cat out/cert-self-signed-invalid-sig.pem >> out/self-signed-invalid-sig.pem
59
60 # Make a "self-signed" certificate with mismatched names
61 openssl x509 \
62 -req \
63 -in out/ss-b.req \
64 -out out/cert-self-signed-invalid-name.pem \
65 -days 3650 \
66 -CA out/bad-self-signed-root-a.pem \
67 -CAkey out/bad-self-signed.key \
68 -CAserial out/bad-self-signed-serial.txt \
69 -CAcreateserial
70
71 openssl x509 \
72 -text \
73 -noout \
74 -in out/cert-self-signed-invalid-name.pem \
75 > out/self-signed-invalid-name.pem
76 cat out/cert-self-signed-invalid-name.pem >> out/self-signed-invalid-name.pem
77
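Review bot: `set -e` does not make the two pipelines fatal (`openssl x509 ... -outform DER | head -c -2 > out/bad-sig.der.1` and `cat ... | openssl x509 -inform DER ...`), because bash only checks the exit status of the last command in a pipeline; if the DER conversion or `head` fails, the script silently continues with a truncated or empty `out/bad-sig.der.1`. Adding `set -o pipefail` next to `set -e` closes that gap. In the same pipeline, `head -c -2` (drop the last two bytes) is a GNU coreutils extension that BSD/macOS `head` rejects as an illegal byte count, so either note the GNU coreutils requirement in the header comment or derive the length first and pass a positive count. Minor: `echo -n -e "\xde\xad"` relies on the `#!/bin/bash` shebang; `printf '\xde\xad'` is the portable form. Since the patch set title says the `-text` format dependency was removed, a short comment stating that the `openssl x509 -text -noout` dump prepended to the final `.pem` files is informational only (and varies between OpenSSL versions) would save the next reader from asking why it is still emitted.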

This is Rietveld 408576698