
Side by Side Diff: net/data/ssl/scripts/ca.cnf

Issue 515583004: Update test cert generation scripts to use SHA-256 by default (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test_cert_scripts
Patch Set: Rebased Created 6 years, 2 months ago
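--- a/net/data/ssl/scripts/ca.cnf
+++ b/net/data/ssl/scripts/ca.cnf
@@ -1,93 +1,117 @@
 # Defaults in the event they're not set in the environment
 CA_DIR = out
 KEY_SIZE = 2048
-ALGO = sha1
+ALGO = sha256
 CERT_TYPE = root
 CA_NAME = req_env_dn
 
 [ca]
 default_ca = CA_root
 preserve = yes
 
 # The default test root, used to generate certificates and CRLs.
 [CA_root]
 dir = $ENV::CA_DIR
 key_size = $ENV::KEY_SIZE
 algo = $ENV::ALGO
 cert_type = $ENV::CERT_TYPE
 type = $key_size-$algo-$cert_type
 database = $dir/$type-index.txt
 new_certs_dir = $dir
 serial = $dir/$type-serial
 certificate = $dir/$type.pem
 private_key = $dir/$type.key
 RANDFILE = $dir/.rand
 default_days = 3650
 default_crl_days = 30
-default_md = sha1
+default_md = sha256
 policy = policy_anything
 unique_subject = no
 copy_extensions = copy
 
 [user_cert]
 # Extensions to add when signing a request for an EE cert
 basicConstraints = critical, CA:false
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always
 extendedKeyUsage = serverAuth,clientAuth
 
+[name_constraint_bad]
+# A leaf cert that will violate the root's imposed name constraints
+basicConstraints = critical, CA:false
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+extendedKeyUsage = serverAuth,clientAuth
+subjectAltName = @san_name_constraint_bad
+
+[name_constraint_good]
+# A leaf cert that will match the root's imposed name constraints
+basicConstraints = critical, CA:false
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+extendedKeyUsage = serverAuth,clientAuth
+subjectAltName = @san_name_constraint_good
+
+[san_name_constraint_bad]
+DNS.1 = test.ExAmPlE.CoM
+DNS.2 = test.ExAmPlE.OrG
+
+[san_name_constraint_good]
+DNS.1 = test.ExAmPlE.CoM
+DNS.2 = example.notarealtld
+
 [ca_cert]
 # Extensions to add when signing a request for an intermediate/CA cert
 basicConstraints = critical, CA:true
 subjectKeyIdentifier = hash
 #authorityKeyIdentifier = keyid:always
 keyUsage = critical, keyCertSign, cRLSign
 
 [crl_extensions]
 # Extensions to add when signing a CRL
 authorityKeyIdentifier = keyid:always
 
 [policy_anything]
 # Default signing policy
 countryName = optional
 stateOrProvinceName = optional
 localityName = optional
 organizationName = optional
 organizationalUnitName = optional
 commonName = optional
 emailAddress = optional
 
 [req]
 # The request section used to generate the root CA certificate. This should
 # not be used to generate end-entity certificates. For certificates other
 # than the root CA, see README to find the appropriate configuration file
 # (ie: openssl_cert.cnf).
 default_bits = $ENV::KEY_SIZE
-default_md = sha1
+default_md = sha256
 string_mask = utf8only
 prompt = no
 encrypt_key = no
 distinguished_name = $ENV::CA_NAME
 x509_extensions = req_ca_exts
 
 [req_ca_dn]
 C = US
 ST = California
 L = Mountain View
 O = Test CA
 CN = Test Root CA
 
 [req_intermediate_dn]
 C = US
 ST = California
 L = Mountain View
 O = Test CA
 CN = Test Intermediate CA
 
 [req_env_dn]
 CN = $ENV::CA_COMMON_NAME
 
 [req_ca_exts]
 basicConstraints = critical, CA:true
 keyUsage = critical, keyCertSign, cRLSign
 subjectKeyIdentifier = hash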
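Review bot: `default_md = sha256` is hard-coded in both `[CA_root]` and `[req]`, while the output file names still follow the environment through `algo = $ENV::ALGO` and `type = $key_size-$algo-$cert_type`. If a script exports `ALGO=sha1` to build a legacy-digest test chain, the files would be labelled sha1 but signed with SHA-256, unless the digest is also passed on the openssl command line, which is not visible here. A test meant to exercise weak-signature handling could then run against the wrong certificate without failing. Consider `default_md = $ENV::ALGO` in both sections so the label and the actual digest cannot diverge.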