Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(434)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/ssl/scripts/generate-test-certs.sh

Issue 2436233002: Record UMA metrics for Must-Staple certificates on private roots (Closed)
Patch Set: Add another histogram for OCSP response status Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/cert_verify_proc.cc ('K') | « net/data/ssl/scripts/ee.cnf ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/bin/sh 1 #!/bin/sh
2 2
3 # Copyright 2013 The Chromium Authors. All rights reserved. 3 # Copyright 2013 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be 4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file. 5 # found in the LICENSE file.
6 6
7 # This script generates a set of test (end-entity, intermediate, root) 7 # This script generates a set of test (end-entity, intermediate, root)
8 # certificates that can be used to test fetching of an intermediate via AIA. 8 # certificates that can be used to test fetching of an intermediate via AIA.
9 9
10 try() { 10 try() {
(...skipping 353 matching lines...) Expand 10 before | Expand all | Expand 10 after
364 CA_COMMON_NAME="Test Root CA" \ 364 CA_COMMON_NAME="Test Root CA" \
365 try openssl ca \ 365 try openssl ca \
366 -batch \ 366 -batch \
367 -extensions user_cert \ 367 -extensions user_cert \
368 -startdate 160601000000Z \ 368 -startdate 160601000000Z \
369 -enddate 170703000000Z \ 369 -enddate 170703000000Z \
370 -in out/post_june_2016.req \ 370 -in out/post_june_2016.req \
371 -out ../certificates/post_june_2016.pem \ 371 -out ../certificates/post_june_2016.pem \
372 -config ca.cnf 372 -config ca.cnf
373 373
374 # Includes the TLS feature extension
375 try openssl req -x509 -newkey rsa:2048 \
376 -keyout out/tls_feature_extension.key \
377 -out ../certificates/tls_feature_extension.pem \
378 -days 365 \
379 -extensions req_extensions_with_tls_feature \
380 -nodes -config ee.cnf
381
374 382
375 # Regenerate CRLSets 383 # Regenerate CRLSets
376 ## Block a leaf cert directly by SPKI 384 ## Block a leaf cert directly by SPKI
377 try python crlsetutil.py -o ../certificates/crlset_by_leaf_spki.raw \ 385 try python crlsetutil.py -o ../certificates/crlset_by_leaf_spki.raw \
378 <<CRLBYLEAFSPKI 386 <<CRLBYLEAFSPKI
379 { 387 {
380 "BlockedBySPKI": ["../certificates/ok_cert.pem"] 388 "BlockedBySPKI": ["../certificates/ok_cert.pem"]
381 } 389 }
382 CRLBYLEAFSPKI 390 CRLBYLEAFSPKI
383 391
(...skipping 11 matching lines...) Expand all
395 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued 403 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued
396 ## from an intermediate CA issued underneath a root. 404 ## from an intermediate CA issued underneath a root.
397 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ 405 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \
398 <<CRLSETBYINTERMEDIATESERIAL 406 <<CRLSETBYINTERMEDIATESERIAL
399 { 407 {
400 "BlockedByHash": { 408 "BlockedByHash": {
401 "../certificates/quic_intermediate.crt": [3] 409 "../certificates/quic_intermediate.crt": [3]
402 } 410 }
403 } 411 }
404 CRLSETBYINTERMEDIATESERIAL 412 CRLSETBYINTERMEDIATESERIAL
OLDNEW
« net/cert/cert_verify_proc.cc ('K') | « net/data/ssl/scripts/ee.cnf ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698