| Index: net/data/ssl/scripts/generate-bad-eku-certs.sh
|
| diff --git a/net/data/ssl/scripts/generate-bad-eku-certs.sh b/net/data/ssl/scripts/generate-bad-eku-certs.sh
|
| deleted file mode 100755
|
| index 5335b843fae2a7d81b69a8b769f4cbaba099d7b6..0000000000000000000000000000000000000000
|
| --- a/net/data/ssl/scripts/generate-bad-eku-certs.sh
|
| +++ /dev/null
|
| @@ -1,86 +0,0 @@
|
| -#!/bin/sh
|
| -
|
| -# Copyright 2013 The Chromium Authors. All rights reserved.
|
| -# Use of this source code is governed by a BSD-style license that can be
|
| -# found in the LICENSE file.
|
| -
|
| -# This script generates a set of test (end-entity, root) certificate chains
|
| -# whose EEs have (critical, non-critical) eKUs for codeSigning. We then try
|
| -# to use them as EEs for a web server in unit tests, to make sure that we
|
| -# don't accept such certs as web server certs.
|
| -
|
| -try () {
|
| - echo "$@"
|
| - "$@" || exit 1
|
| -}
|
| -
|
| -try rm -rf out
|
| -try mkdir out
|
| -
|
| -eku_test_root="2048-rsa-root"
|
| -
|
| -# Create the serial number files.
|
| -try /bin/sh -c "echo 01 > \"out/$eku_test_root-serial\""
|
| -
|
| -# Make sure the signers' DB files exist.
|
| -touch "out/$eku_test_root-index.txt"
|
| -
|
| -# Generate one root CA certificate.
|
| -try openssl genrsa -out "out/$eku_test_root.key" 2048
|
| -
|
| -CA_COMMON_NAME="2048 RSA Test Root CA" \
|
| - CA_DIR=out \
|
| - CA_NAME=req_env_dn \
|
| - KEY_SIZE=2048 \
|
| - ALGO=rsa \
|
| - CERT_TYPE=root \
|
| - try openssl req \
|
| - -new \
|
| - -key "out/$eku_test_root.key" \
|
| - -extensions ca_cert \
|
| - -out "out/$eku_test_root.csr" \
|
| - -config ca.cnf
|
| -
|
| -CA_COMMON_NAME="2048 RSA Test Root CA" \
|
| - CA_DIR=out \
|
| - CA_NAME=req_env_dn \
|
| - try openssl x509 \
|
| - -req -days 3650 \
|
| - -in "out/$eku_test_root.csr" \
|
| - -extensions ca_cert \
|
| - -extfile ca.cnf \
|
| - -signkey "out/$eku_test_root.key" \
|
| - -out "out/$eku_test_root.pem" \
|
| - -text
|
| -
|
| -# Generate EE certs.
|
| -for cert_type in non-crit-codeSigning crit-codeSigning
|
| -do
|
| - try openssl genrsa -out "out/$cert_type.key" 2048
|
| -
|
| - try openssl req \
|
| - -new \
|
| - -key "out/$cert_type.key" \
|
| - -out "out/$cert_type.csr" \
|
| - -config eku-test.cnf \
|
| - -reqexts "$cert_type"
|
| -
|
| - CA_COMMON_NAME="2048 rsa Test Root CA" \
|
| - CA_DIR=out \
|
| - CA_NAME=req_env_dn \
|
| - KEY_SIZE=2048 \
|
| - ALGO=rsa \
|
| - CERT_TYPE=root \
|
| - try openssl ca \
|
| - -batch \
|
| - -in "out/$cert_type.csr" \
|
| - -out "out/$cert_type.pem" \
|
| - -config ca.cnf
|
| -done
|
| -
|
| -# Copy to the file names that are actually checked in.
|
| -try cp "out/$eku_test_root.pem" ../certificates/eku-test-root.pem
|
| -try /bin/sh -c "cat out/crit-codeSigning.key out/crit-codeSigning.pem \
|
| - > ../certificates/crit-codeSigning-chain.pem"
|
| -try /bin/sh -c "cat out/non-crit-codeSigning.key out/non-crit-codeSigning.pem \
|
| - > ../certificates/non-crit-codeSigning-chain.pem"
|
|
|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master