OLD | NEW |
1 #!/bin/sh | 1 #!/bin/sh |
2 | 2 |
3 # Copyright 2013 The Chromium Authors. All rights reserved. | 3 # Copyright 2013 The Chromium Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 | 6 |
7 # This script generates a set of test (end-entity, intermediate, root) | 7 # This script generates a set of test (end-entity, intermediate, root) |
8 # certificates that can be used to test fetching of an intermediate via AIA. | 8 # certificates that can be used to test fetching of an intermediate via AIA. |
9 | 9 |
10 try() { | 10 try() { |
(...skipping 191 matching lines...)
202 -out ../certificates/subjectAltName_sanity_check.pem | 202 -out ../certificates/subjectAltName_sanity_check.pem |
203 | 203 |
204 ## Punycode handling | 204 ## Punycode handling |
205 SUBJECT_NAME="req_punycode_dn" \ | 205 SUBJECT_NAME="req_punycode_dn" \ |
206 try openssl req -x509 -days 3650 -extensions req_punycode \ | 206 try openssl req -x509 -days 3650 -extensions req_punycode \ |
207 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 207 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
208 -out ../certificates/punycodetest.pem | 208 -out ../certificates/punycodetest.pem |
209 | 209 |
210 ## Reject intranet hostnames in "publicly" trusted certs | 210 ## Reject intranet hostnames in "publicly" trusted certs |
211 # 365 * 3 = 1095 | 211 # 365 * 3 = 1095 |
212 SUBJECT_NAME="req_dn" \ | 212 SUBJECT_NAME="req_intranet_dn" \ |
213 try openssl req -x509 -days 1095 \ | 213 try openssl req -x509 -days 1095 \ |
214 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 214 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
215 -out ../certificates/reject_intranet_hosts.pem | 215 -out ../certificates/reject_intranet_hosts.pem |
216 | 216 |
217 ## Leaf certificate with a large key; Apple's certificate verifier rejects with | 217 ## Leaf certificate with a large key; Apple's certificate verifier rejects with |
218 ## a fatal error if the key is bigger than 8192 bits. | 218 ## a fatal error if the key is bigger than 8192 bits. |
219 try openssl req -x509 -days 3650 \ | 219 try openssl req -x509 -days 3650 \ |
220 -config ../scripts/ee.cnf -newkey rsa:8200 -text \ | 220 -config ../scripts/ee.cnf -newkey rsa:8200 -text \ |
221 -sha256 \ | 221 -sha256 \ |
222 -out ../certificates/large_key.pem | 222 -out ../certificates/large_key.pem |
(...skipping 219 matching lines...)
442 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued | 442 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued |
443 ## from an intermediate CA issued underneath a root. | 443 ## from an intermediate CA issued underneath a root. |
444 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ | 444 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ |
445 <<CRLSETBYINTERMEDIATESERIAL | 445 <<CRLSETBYINTERMEDIATESERIAL |
446 { | 446 { |
447 "BlockedByHash": { | 447 "BlockedByHash": { |
448 "../certificates/intermediate_ca_cert.pem": [1] | 448 "../certificates/intermediate_ca_cert.pem": [1] |
449 } | 449 } |
450 } | 450 } |
451 CRLSETBYINTERMEDIATESERIAL | 451 CRLSETBYINTERMEDIATESERIAL |
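Review bot: The new `SUBJECT_NAME="req_intranet_dn"` on new line 212 depends on a section of that name in `../scripts/ee.cnf`, which is not shown on this page; if that section is missing, `openssl req` fails here, and what `try` does on failure is in the skipped lines. The comment above the command only gives the arithmetic for the validity period, so I would add a line saying why this certificate needs its own DN, for example `# Uses req_intranet_dn so the subject is an intranet (non-unique) hostname; see ee.cnf.`, with the wording confirmed against the actual section. The checked-in `../certificates/reject_intranet_hosts.pem` presumably needs regenerating in the same change, otherwise the intranet-hostname rejection test keeps running against a certificate with the old subject.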