OLD | NEW |
1 #!/bin/sh | 1 #!/bin/sh |
2 | 2 |
3 # Copyright 2013 The Chromium Authors. All rights reserved. | 3 # Copyright 2013 The Chromium Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 | 6 |
7 # This script generates a set of test (end-entity, intermediate, root) | 7 # This script generates a set of test (end-entity, intermediate, root) |
8 # certificates that can be used to test fetching of an intermediate via AIA. | 8 # certificates that can be used to test fetching of an intermediate via AIA. |
9 | 9 |
10 try() { | 10 try() { |
(...skipping 183 matching lines...)
194 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing | 194 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing |
195 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ | 195 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ |
196 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 196 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
197 -out ../certificates/spdy_pooling.pem | 197 -out ../certificates/spdy_pooling.pem |
198 | 198 |
199 ## SubjectAltName parsing | 199 ## SubjectAltName parsing |
200 try openssl req -x509 -days 3650 -extensions req_san_sanity \ | 200 try openssl req -x509 -days 3650 -extensions req_san_sanity \ |
201 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 201 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
202 -out ../certificates/subjectAltName_sanity_check.pem | 202 -out ../certificates/subjectAltName_sanity_check.pem |
203 | 203 |
| 204 ## SubjectAltName containing www.example.com |
| 205 try openssl req -x509 -days 3650 -extensions req_san_example \ |
| 206 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 207 -out ../certificates/subjectAltName_www_example_com.pem |
| 208 |
204 ## Punycode handling | 209 ## Punycode handling |
205 SUBJECT_NAME="req_punycode_dn" \ | 210 SUBJECT_NAME="req_punycode_dn" \ |
206 try openssl req -x509 -days 3650 -extensions req_punycode \ | 211 try openssl req -x509 -days 3650 -extensions req_punycode \ |
207 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 212 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
208 -out ../certificates/punycodetest.pem | 213 -out ../certificates/punycodetest.pem |
209 | 214 |
210 ## Reject intranet hostnames in "publicly" trusted certs | 215 ## Reject intranet hostnames in "publicly" trusted certs |
211 # 365 * 3 = 1095 | 216 # 365 * 3 = 1095 |
212 SUBJECT_NAME="req_intranet_dn" \ | 217 SUBJECT_NAME="req_intranet_dn" \ |
213 try openssl req -x509 -days 1095 -extensions req_intranet_san \ | 218 try openssl req -x509 -days 1095 -extensions req_intranet_san \ |
(...skipping 231 matching lines...)
445 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued | 450 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued |
446 ## from an intermediate CA issued underneath a root. | 451 ## from an intermediate CA issued underneath a root. |
447 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ | 452 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ |
448 <<CRLSETBYINTERMEDIATESERIAL | 453 <<CRLSETBYINTERMEDIATESERIAL |
449 { | 454 { |
450 "BlockedByHash": { | 455 "BlockedByHash": { |
451 "../certificates/intermediate_ca_cert.pem": [1] | 456 "../certificates/intermediate_ca_cert.pem": [1] |
452 } | 457 } |
453 } | 458 } |
454 CRLSETBYINTERMEDIATESERIAL | 459 CRLSETBYINTERMEDIATESERIAL |
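Review bot: The new block at new-side lines 204-207 relies on a `req_san_example` extensions section in `../scripts/ee.cnf` that is not visible on this page, so confirm the same change adds it and that it carries only the `www.example.com` dNSName the comment promises. Like the neighbouring `openssl req -x509` calls, it passes no `-keyout`, so the freshly generated private key goes wherever the config's default key file (or the OpenSSL default) sends it, not into `subjectAltName_www_example_com.pem`. That is fine if the certificate is only parsed or verified, but a test that needs to serve it would have no matching key. The comment should say which it is and that the cert is self-signed, for example `## Self-signed cert with SubjectAltName www.example.com (certificate only, key not kept)`.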