| OLD | NEW |
| 1 #!/bin/sh | 1 #!/bin/sh |
| 2 | 2 |
| 3 # Copyright 2013 The Chromium Authors. All rights reserved. | 3 # Copyright 2013 The Chromium Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # This script generates a set of test (end-entity, intermediate, root) | 7 # This script generates a set of test (end-entity, intermediate, root) |
| 8 # certificates that can be used to test fetching of an intermediate via AIA. | 8 # certificates that can be used to test fetching of an intermediate via AIA. |
| 9 | 9 |
| 10 try() { | 10 try() { |
| (...skipping 191 matching lines...) |
| 202 -out ../certificates/subjectAltName_sanity_check.pem | 202 -out ../certificates/subjectAltName_sanity_check.pem |
| 203 | 203 |
| 204 ## Punycode handling | 204 ## Punycode handling |
| 205 SUBJECT_NAME="req_punycode_dn" \ | 205 SUBJECT_NAME="req_punycode_dn" \ |
| 206 try openssl req -x509 -days 3650 -extensions req_punycode \ | 206 try openssl req -x509 -days 3650 -extensions req_punycode \ |
| 207 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 207 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 208 -out ../certificates/punycodetest.pem | 208 -out ../certificates/punycodetest.pem |
| 209 | 209 |
| 210 ## Reject intranet hostnames in "publicly" trusted certs | 210 ## Reject intranet hostnames in "publicly" trusted certs |
| 211 # 365 * 3 = 1095 | 211 # 365 * 3 = 1095 |
| 212 SUBJECT_NAME="req_dn" \ | 212 SUBJECT_NAME="req_intranet_dn" \ |
| 213 try openssl req -x509 -days 1095 \ | 213 try openssl req -x509 -days 1095 \ |
| 214 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 214 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 215 -out ../certificates/reject_intranet_hosts.pem | 215 -out ../certificates/reject_intranet_hosts.pem |
| 216 | 216 |
| 217 ## Leaf certificate with a large key; Apple's certificate verifier rejects with | 217 ## Leaf certificate with a large key; Apple's certificate verifier rejects with |
| 218 ## a fatal error if the key is bigger than 8192 bits. | 218 ## a fatal error if the key is bigger than 8192 bits. |
| 219 try openssl req -x509 -days 3650 \ | 219 try openssl req -x509 -days 3650 \ |
| 220 -config ../scripts/ee.cnf -newkey rsa:8200 -text \ | 220 -config ../scripts/ee.cnf -newkey rsa:8200 -text \ |
| 221 -sha256 \ | 221 -sha256 \ |
| 222 -out ../certificates/large_key.pem | 222 -out ../certificates/large_key.pem |
| (...skipping 219 matching lines...) |
| 442 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued | 442 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued |
| 443 ## from an intermediate CA issued underneath a root. | 443 ## from an intermediate CA issued underneath a root. |
| 444 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ | 444 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ |
| 445 <<CRLSETBYINTERMEDIATESERIAL | 445 <<CRLSETBYINTERMEDIATESERIAL |
| 446 { | 446 { |
| 447 "BlockedByHash": { | 447 "BlockedByHash": { |
| 448 "../certificates/intermediate_ca_cert.pem": [1] | 448 "../certificates/intermediate_ca_cert.pem": [1] |
| 449 } | 449 } |
| 450 } | 450 } |
| 451 CRLSETBYINTERMEDIATESERIAL | 451 CRLSETBYINTERMEDIATESERIAL |
| OLD | NEW |
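Review bot: The new `SUBJECT_NAME="req_intranet_dn"` on line 212 ties reject_intranet_hosts.pem to a section of `../scripts/ee.cnf` that this script never explains, and the only nearby comment (`# 365 * 3 = 1095`) documents the arithmetic rather than the intent. Unlike the punycode case at line 206, no `-extensions` is passed here, so the intranet hostname presumably reaches the certificate only through the subject and whatever default extensions ee.cnf applies. It is worth confirming that the generated certificate carries the non-unique name in the field the verifier actually checks, since otherwise the rejection test could pass or fail for an unrelated reason. I would add a comment above line 212 such as `# Subject comes from req_intranet_dn in ee.cnf: a non-unique (intranet) hostname, so the cert must be rejected when chained to a publicly trusted root.` and extend the `-days` comment to say why a three-year validity is chosen.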