curl/tests/certs/scripts, branch master cURL mirror with patches applied copyright: fix out-of-date copyright ranges and missing headers 2020-03-24T14:05:59+00:00 Daniel Stenberg daniel@haxx.se 2020-03-23T13:44:29+00:00 9a8b3b3e131359aea1cac650fb6ac331fbe2047c Reported by the new script 'scripts/copyright.pl'. The script has a regex whitelist for the files that don't need copyright headers. Removed three (mostly usesless) README files from docs/ Closes #5141 
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.

Removed three (mostly usesless) README files from docs/

Closes #5141
whitespace fixes 2018-09-23T22:24:02+00:00 Viktor Szakats commit@vszakats.net 2018-09-23T22:24:02+00:00 b801b453af6de75838c3298137628f05e94ffb48 - replace tabs with spaces where possible - remove line ending spaces - remove double/triple newlines at EOF - fix a non-UTF-8 character - cleanup a few indentations/line continuations in manual examples Closes https://github.com/curl/curl/pull/3037 
- replace tabs with spaces where possible
- remove line ending spaces
- remove double/triple newlines at EOF
- fix a non-UTF-8 character
- cleanup a few indentations/line continuations
  in manual examples

Closes https://github.com/curl/curl/pull/3037
certs: generate tests certs with sha256 digest algorithm 2018-09-20T07:06:21+00:00 Daniel Stenberg daniel@haxx.se 2018-09-19T07:04:48+00:00 ba782baac3009e44295589743bb8ae8220793e74 As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs: "SSL certificate problem: CA signature digest algorithm too weak" Closes #3014 
As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:

"SSL certificate problem: CA signature digest algorithm too weak"

Closes #3014
tests/certs: rebuild certs with 2048-bit RSA keys 2018-09-12T14:09:17+00:00 Yiming Jing jingyiming@baidu.com 2018-09-10T18:32:23+00:00 92f9db17466c4e28998a5cf849c7a861093eff23 The previous test certificates contained RSA keys of only 1024 bits. However, RSA claims that 1024-bit RSA keys are likely to become crackable some time before 2010. The NIST recommends at least 2048-bit keys for RSA for now. Better use full 2048 also for testing. Closes #2973 
The previous test certificates contained RSA keys of only 1024 bits.
However, RSA claims that 1024-bit RSA keys are likely to become
crackable some time before 2010. The NIST recommends at least 2048-bit
keys for RSA for now.

Better use full 2048 also for testing.

Closes #2973
spelling fixes 2017-03-26T21:56:23+00:00 klemens ka7@github.com 2017-03-26T15:02:22+00:00 f7df67cff0a756eefc8daea36e6468df694a43d0 Closes #1356 
Closes #1356
URLs: change all http:// URLs to https:// 2016-02-02T23:19:02+00:00 Daniel Stenberg daniel@haxx.se 2016-02-02T23:19:02+00:00 4af40b3646d3b09f68e419f7ca866ff395d1f897 






tests/certs: added make target to rebuild certificates
2015-03-21T15:33:58+00:00

Dan Fandrich
dan@coneharvesters.com

2015-03-21T13:23:00+00:00

38c304a58ffa47bba850626d2233776323528ee0

The certificate generation scripts were also updated to better match the
format of the certificates currently checked in.





The certificate generation scripts were also updated to better match the
format of the certificates currently checked in.







SSL: Add PEM format support for public key pinning
2014-11-24T18:30:09+00:00

moparisthebest
admin@moparisthebest.com

2014-11-24T18:30:09+00:00

be1a5051890b7ad9339b0208424b94aa32c64776












SSL: implement public key pinning
2014-10-07T12:44:19+00:00

moparisthebest
admin@moparisthebest.com

2014-10-01T02:31:17+00:00

93e450793ce289925dfd1d5e3b2d14e781f8dfd4

Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der





Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der







commit bc682cbd follow-up
2013-01-15T18:54:47+00:00

Yang Tse
yangsita@gmail.com

2013-01-15T18:40:41+00:00

7ab3ae0bf0666cc3766ddc5b9f4536d7e1f22565