| OLD | NEW |
|---|
| 1 #!/bin/sh | 1 #!/bin/sh |
| 2 | 2 |
| 3 # Copyright 2013 The Chromium Authors. All rights reserved. | 3 # Copyright 2013 The Chromium Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # This script generates a set of test (end-entity, intermediate, root) | 7 # This script generates a set of test (end-entity, intermediate, root) |
| 8 # certificates that can be used to test fetching of an intermediate via AIA. | 8 # certificates that can be used to test fetching of an intermediate via AIA. |
| 9 | 9 |
| 10 try() { | 10 try() { |
| (...skipping 183 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 194 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing | 194 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing |
| 195 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ | 195 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ |
| 196 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 196 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 197 -out ../certificates/spdy_pooling.pem | 197 -out ../certificates/spdy_pooling.pem |
| 198 | 198 |
| 199 ## SubjectAltName parsing | 199 ## SubjectAltName parsing |
| 200 try openssl req -x509 -days 3650 -extensions req_san_sanity \ | 200 try openssl req -x509 -days 3650 -extensions req_san_sanity \ |
| 201 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 201 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 202 -out ../certificates/subjectAltName_sanity_check.pem | 202 -out ../certificates/subjectAltName_sanity_check.pem |
| 203 | 203 |
| 204 ## SubjectAltName containing www.example.com |
| 205 try openssl req -x509 -days 3650 -extensions req_san_example \ |
| 206 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 207 -out ../certificates/subjectAltName_www_example_com.pem |
| 208 |
| 204 ## Punycode handling | 209 ## Punycode handling |
| 205 SUBJECT_NAME="req_punycode_dn" \ | 210 SUBJECT_NAME="req_punycode_dn" \ |
| 206 try openssl req -x509 -days 3650 -extensions req_punycode \ | 211 try openssl req -x509 -days 3650 -extensions req_punycode \ |
| 207 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 212 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
| 208 -out ../certificates/punycodetest.pem | 213 -out ../certificates/punycodetest.pem |
| 209 | 214 |
| 210 ## Reject intranet hostnames in "publicly" trusted certs | 215 ## Reject intranet hostnames in "publicly" trusted certs |
| 211 # 365 * 3 = 1095 | 216 # 365 * 3 = 1095 |
| 212 SUBJECT_NAME="req_intranet_dn" \ | 217 SUBJECT_NAME="req_intranet_dn" \ |
| 213 try openssl req -x509 -days 1095 -extensions req_intranet_san \ | 218 try openssl req -x509 -days 1095 -extensions req_intranet_san \ |
| (...skipping 231 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 445 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued | 450 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued |
| 446 ## from an intermediate CA issued underneath a root. | 451 ## from an intermediate CA issued underneath a root. |
| 447 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ | 452 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ |
| 448 <<CRLSETBYINTERMEDIATESERIAL | 453 <<CRLSETBYINTERMEDIATESERIAL |
| 449 { | 454 { |
| 450 "BlockedByHash": { | 455 "BlockedByHash": { |
| 451 "../certificates/intermediate_ca_cert.pem": [1] | 456 "../certificates/intermediate_ca_cert.pem": [1] |
| 452 } | 457 } |
| 453 } | 458 } |
| 454 CRLSETBYINTERMEDIATESERIAL | 459 CRLSETBYINTERMEDIATESERIAL |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2804883005:
Update SSL error handling code to account for Subject CN deprecation (Closed)
