author | Daniel Stenberg <daniel@haxx.se> | 2009-08-11 21:48:58 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2009-08-11 21:48:58 +0000 |
commit | e73fe837a8877c0197721b91e0d5ec40cb7a2cd0 (patch) | |
tree | 241c5ac517e86455b87876c56afafbeb26b3d1f8 /tests/certs/scripts/genroot.sh | |
parent | a9caeb1064bf942a6c066a8c048f077409d1b937 (diff) |
- Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
verification of cert names etc. This made an error show up in the OpenSSL-
specific code where it would attempt to match the CN field even if a
subjectAltName exists that doesn't match. This is now fixed and verified
in test 311.
Diffstat (limited to 'tests/certs/scripts/genroot.sh')
-rwxr-xr-x | tests/certs/scripts/genroot.sh | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/tests/certs/scripts/genroot.sh b/tests/certs/scripts/genroot.sh
new file mode 100755
index 000000000..85425a8c5
--- /dev/null
+++ b/tests/certs/scripts/genroot.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# (c) CopyRight EdelWeb for EdelKey and OpenEvidence, 2000-2004, 2009
+# Author: Peter Sylvester
+
+# "libre" for integration with curl
+
+OPENSSL=openssl
+if [ -f /usr/local/ssl/bin/openssl ] ; then
+OPENSSL=/usr/local/ssl/bin/openssl
+fi
+
+USAGE="echo Usage is genroot.sh \<name\>"
+
+HOME=`pwd`
+cd $HOME
+
+KEYSIZE=2048
+DURATION=6000
+
+PREFIX=$1
+if [ ".$PREFIX" = . ] ; then
+ echo No configuration prefix
+ NOTOK=1
+else
+ if [ ! -f $PREFIX-ca.prm ] ; then
+ echo No configuration file $PREFIX-ca.prm
+ NOTOK=1
+ fi
+fi
+
+if [ ".$NOTOK" != . ] ; then
+ echo "Sorry, I can't do that for you."
+ $USAGE
+ exit
+fi
+
+GETSERIAL="\$t = time ;\$d = \$t . substr(\$t+$$ ,-4,4)-1;print \$d"
+SERIAL=`/usr/bin/env perl -e "$GETSERIAL"`
+
+echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE
+
+echo "openssl req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr"
+$OPENSSL req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr
+
+echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert -sha1 "
+
+$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL-ca.cacert -sha1
+
+echo "openssl x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline"
+$OPENSSL x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline
+
+echo "openssl x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der "
+$OPENSSL x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der
+
+echo "openssl x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline"
+
+$OPENSSL x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline
+
+echo "openssl x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline"
+$OPENSSL x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline
+
+#$OPENSSL rsa -in ../keys/$PREFIX-ca.key -text -noout -pubout |
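Review bot: The usage-error path ends in a bare `exit`, which returns the status of the preceding `$USAGE` echo (0), and none of the `$OPENSSL` calls are checked, so a failed `req` or `x509` step still reports success and can leave stale or partial `$PREFIX-ca.*` files for the test suite to pick up. I would change it to `exit 1` and add `set -e` after the shebang (or `|| exit 1` on each `$OPENSSL` line). `$PREFIX` is also expanded unquoted throughout, so a name containing whitespace or glob characters would be split or expanded before reaching `[ -f ... ]` and openssl; quoting it as `"$PREFIX-ca.prm"` and likewise for the other file names avoids that. The echoed signing command names `-out $PREFIX-$SERIAL.ca-cacert` while the command actually run writes `$PREFIX-$SERIAL-ca.cacert`, so the log line should be corrected to match what is executed.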