| Index: net/data/ssl/scripts/generate-cross-signed-certs.sh
|
| diff --git a/net/data/ssl/scripts/generate-cross-signed-certs.sh b/net/data/ssl/scripts/generate-cross-signed-certs.sh
|
| deleted file mode 100755
|
| index c9f94d02230ff3d0dfed94a45cf334493b4c4511..0000000000000000000000000000000000000000
|
| --- a/net/data/ssl/scripts/generate-cross-signed-certs.sh
|
| +++ /dev/null
|
| @@ -1,92 +0,0 @@
|
| -#!/bin/sh
|
| -
|
| -# Copyright 2013 The Chromium Authors. All rights reserved.
|
| -# Use of this source code is governed by a BSD-style license that can be
|
| -# found in the LICENSE file.
|
| -
|
| -# This script generates a two roots - one legacy one signed with MD5, and
|
| -# another (newer) one signed with SHA1 - and has a leaf certificate signed
|
| -# by these without any distinguishers.
|
| -#
|
| -# The "cross-signed" comes from the fact that both the MD5 and SHA1 roots share
|
| -# the same Authority Key ID, Subject Key ID, Subject, and Subject Public Key
|
| -# Info. When the chain building algorithm is evaluating paths, if it prefers
|
| -# untrusted over trusted, then it will see the MD5 certificate as a self-signed
|
| -# cert that is "cross-signed" by the trusted SHA1 root.
|
| -#
|
| -# The SHA1 root should be (temporarily) trusted, and the resulting chain
|
| -# should be leaf -> SHA1root, not leaf -> MD5root, leaf -> SHA1root -> MD5root,
|
| -# or leaf -> MD5root -> SHA1root
|
| -
|
| -try() {
|
| - echo "$@"
|
| - "$@" || exit 1
|
| -}
|
| -
|
| -try rm -rf out
|
| -try mkdir out
|
| -
|
| -try /bin/sh -c "echo 01 > out/2048-sha1-root-serial"
|
| -try /bin/sh -c "echo 02 > out/2048-md5-root-serial"
|
| -touch out/2048-sha1-root-index.txt
|
| -touch out/2048-md5-root-index.txt
|
| -
|
| -# Generate the key
|
| -try openssl genrsa -out out/2048-sha1-root.key 2048
|
| -
|
| -# Generate the root certificate
|
| -CA_COMMON_NAME="Test Dup-Hash Root CA" \
|
| - try openssl req \
|
| - -new \
|
| - -key out/2048-sha1-root.key \
|
| - -out out/2048-sha1-root.req \
|
| - -config ca.cnf
|
| -
|
| -CA_COMMON_NAME="Test Dup-Hash Root CA" \
|
| - try openssl x509 \
|
| - -req -days 3650 \
|
| - -sha1 \
|
| - -in out/2048-sha1-root.req \
|
| - -out out/2048-sha1-root.pem \
|
| - -text \
|
| - -signkey out/2048-sha1-root.key \
|
| - -extfile ca.cnf \
|
| - -extensions ca_cert
|
| -
|
| -CA_COMMON_NAME="Test Dup-Hash Root CA" \
|
| - try openssl x509 \
|
| - -req -days 3650 \
|
| - -md5 \
|
| - -in out/2048-sha1-root.req \
|
| - -out out/2048-md5-root.pem \
|
| - -text \
|
| - -signkey out/2048-sha1-root.key \
|
| - -extfile ca.cnf \
|
| - -extensions ca_cert
|
| -
|
| -# Generate the leaf certificate request
|
| -try openssl req \
|
| - -new \
|
| - -keyout out/ok_cert.key \
|
| - -out out/ok_cert.req \
|
| - -config ee.cnf
|
| -
|
| -# Generate the leaf certificates
|
| -CA_COMMON_NAME="Test Dup-Hash Root CA" \
|
| - try openssl ca \
|
| - -batch \
|
| - -extensions user_cert \
|
| - -days 3650 \
|
| - -in out/ok_cert.req \
|
| - -out out/ok_cert.pem \
|
| - -config ca.cnf
|
| -
|
| -try openssl x509 -text \
|
| - -in out/2048-md5-root.pem \
|
| - -out ../certificates/cross-signed-root-md5.pem
|
| -try openssl x509 -text \
|
| - -in out/2048-sha1-root.pem \
|
| - -out ../certificates/cross-signed-root-sha1.pem
|
| -try openssl x509 -text \
|
| - -in out/ok_cert.pem \
|
| - -out ../certificates/cross-signed-leaf.pem
|
|
|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master