aboutsummaryrefslogtreecommitdiff
path: root/tests/certs/scripts/genserv.sh
AgeCommit message (Collapse)Author
2018-09-23whitespace fixesViktor Szakats
- replace tabs with spaces where possible - remove line ending spaces - remove double/triple newlines at EOF - fix a non-UTF-8 character - cleanup a few indentations/line continuations in manual examples Closes https://github.com/curl/curl/pull/3037
2018-09-20certs: generate tests certs with sha256 digest algorithmDaniel Stenberg
As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs: "SSL certificate problem: CA signature digest algorithm too weak" Closes #3014
2018-09-12tests/certs: rebuild certs with 2048-bit RSA keysYiming Jing
The previous test certificates contained RSA keys of only 1024 bits. However, RSA claims that 1024-bit RSA keys are likely to become crackable some time before 2010. The NIST recommends at least 2048-bit keys for RSA for now. Better use full 2048 also for testing. Closes #2973
2017-03-26spelling fixesklemens
Closes #1356
2015-03-21tests/certs: added make target to rebuild certificatesDan Fandrich
The certificate generation scripts were also updated to better match the format of the certificates currently checked in.
2014-11-24SSL: Add PEM format support for public key pinningmoparisthebest
2014-10-07SSL: implement public key pinningmoparisthebest
Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: openssl s_client -connect google.com:443 2>&1 < /dev/null | \ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ | openssl rsa -pubin -outform DER > google.com.der
2010-05-27tests/certs/scripts: generate also CRLKamil Dudka
... and make it possible to do so without any user interaction
2010-02-14removed trailing whitespaceYang Tse
2009-08-11- Peter Sylvester made the HTTPS test server use specific certificates forDaniel Stenberg
each test, so that the test suite can now be used to actually test the verification of cert names etc. This made an error show up in the OpenSSL- specific code where it would attempt to match the CN field even if a subjectAltName exists that doesn't match. This is now fixed and verified in test 311.