OLD | NEW |
1 #!/bin/sh | 1 #!/bin/sh |
2 | 2 |
3 # Copyright 2013 The Chromium Authors. All rights reserved. | 3 # Copyright 2013 The Chromium Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 | 6 |
7 # This script generates a set of test (end-entity, intermediate, root) | 7 # This script generates a set of test (end-entity, intermediate, root) |
8 # certificates that can be used to test fetching of an intermediate via AIA. | 8 # certificates that can be used to test fetching of an intermediate via AIA. |
9 | 9 |
10 try() { | 10 try() { |
203 | 203 |
204 ## Punycode handling | 204 ## Punycode handling |
205 SUBJECT_NAME="req_punycode_dn" \ | 205 SUBJECT_NAME="req_punycode_dn" \ |
206 try openssl req -x509 -days 3650 -extensions req_punycode \ | 206 try openssl req -x509 -days 3650 -extensions req_punycode \ |
207 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 207 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
208 -out ../certificates/punycodetest.pem | 208 -out ../certificates/punycodetest.pem |
209 | 209 |
210 ## Reject intranet hostnames in "publicly" trusted certs | 210 ## Reject intranet hostnames in "publicly" trusted certs |
211 # 365 * 3 = 1095 | 211 # 365 * 3 = 1095 |
212 SUBJECT_NAME="req_intranet_dn" \ | 212 SUBJECT_NAME="req_intranet_dn" \ |
213 try openssl req -x509 -days 1095 \ | 213 try openssl req -x509 -days 1095 -extensions req_intranet_san \ |
214 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 214 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
215 -out ../certificates/reject_intranet_hosts.pem | 215 -out ../certificates/reject_intranet_hosts.pem |
216 | 216 |
217 ## Leaf certificate with a large key; Apple's certificate verifier rejects with | 217 ## Leaf certificate with a large key; Apple's certificate verifier rejects with |
218 ## a fatal error if the key is bigger than 8192 bits. | 218 ## a fatal error if the key is bigger than 8192 bits. |
219 try openssl req -x509 -days 3650 \ | 219 try openssl req -x509 -days 3650 \ |
220 -config ../scripts/ee.cnf -newkey rsa:8200 -text \ | 220 -config ../scripts/ee.cnf -newkey rsa:8200 -text \ |
221 -sha256 \ | 221 -sha256 \ |
222 -out ../certificates/large_key.pem | 222 -out ../certificates/large_key.pem |
223 | 223 |
445 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued | 445 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued |
446 ## from an intermediate CA issued underneath a root. | 446 ## from an intermediate CA issued underneath a root. |
447 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ | 447 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ |
448 <<CRLSETBYINTERMEDIATESERIAL | 448 <<CRLSETBYINTERMEDIATESERIAL |
449 { | 449 { |
450 "BlockedByHash": { | 450 "BlockedByHash": { |
451 "../certificates/intermediate_ca_cert.pem": [1] | 451 "../certificates/intermediate_ca_cert.pem": [1] |
452 } | 452 } |
453 } | 453 } |
454 CRLSETBYINTERMEDIATESERIAL | 454 CRLSETBYINTERMEDIATESERIAL |
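Review bot: The `-extensions req_intranet_san` added on new line 213 names a section of `../scripts/ee.cnf` that is not visible on this page, so confirm the same change defines `[req_intranet_san]`; without it `openssl req` should fail to load the extension section. The comment above the command still only says `# 365 * 3 = 1095`, which leaves the reason for the extension unstated. I would add something like `# Intranet name comes from the req_intranet_san section of ee.cnf (presumably a subjectAltName), so the check does not rest on the CN alone.` The checked-in `../certificates/reject_intranet_hosts.pem` also needs regenerating from this script, otherwise the test keeps exercising the old certificate.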