Inicio Explorar Ayuda
Iniciar sesión
OWEALs
/
curl
espejo de https://github.com/curl/curl.git
2
0
Fork 0
Archivos Incidencias 8 Wiki
Explorar el Código

tests/certs/scripts: generate also CRL

... and make it possible to do so without any user interaction
Kamil Dudka hace 14 años
padre
c03cbb38ad
commit
645bdd837a
Se han modificado 3 ficheros con 27 adiciones y 7 borrados
Dividir vista Mostrar estadísticas de diff
  1. 11 0
      tests/certs/EdelCurlRoot-ca.cnf
  2. 5 2
      tests/certs/scripts/genroot.sh
  3. 11 5
      tests/certs/scripts/genserv.sh

+ 11 - 0
tests/certs/EdelCurlRoot-ca.cnf
Ver fichero 

@@ -0,0 +1,11 @@
 
+[ ca ]
 
+default_ca = EdelCurlRoot
 
+
 
+[ EdelCurlRoot ]
 
+database = EdelCurlRoot-ca.db
 
+certificate = EdelCurlRoot-ca.crt
 
+private_key = EdelCurlRoot-ca.key
 
+crlnumber = EdelCurlRoot-ca.cnt
 
+default_md = sha1
 
+default_days = 365
 
+default_crl_days = 30

+ 5 - 2
tests/certs/scripts/genroot.sh
Ver fichero 

@@ -40,8 +40,11 @@ SERIAL=`/usr/bin/env perl -e "$GETSERIAL"`
 
 
 echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE
 
 
-echo "openssl req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr"
 
-$OPENSSL req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr
 
+echo "openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout XXX"
 
+openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout pass:secret
 
+
 
+echo "openssl req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr"
 
+$OPENSSL req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret
 
 
 echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert -sha1 "

+ 11 - 5
tests/certs/scripts/genserv.sh
Ver fichero 

@@ -39,7 +39,7 @@ if [ ".$CAPREFIX" = . ] ; then
 
 	NOTOK=1
 
 else
 
     if [ ! -f $CAPREFIX-ca.cacert ] ; then
 
-	echo No CA certficate file $PREFIX-ca.caert
 
+	echo No CA certficate file $CAPREFIX-ca.caert
 
 	NOTOK=1
 
     fi
 
     if [ ! -f $CAPREFIX-ca.key ] ; then
 
@@ -74,7 +74,6 @@ fi
 
 echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key"
 
 $OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key -passin pass:secret
 
 echo pseudo secrets generated
 
-read
 
 
 echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION  -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1"
 
 
@@ -85,16 +84,23 @@ if [ "$P12." = YES. ] ; then
 
    echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt "
 
 
    $OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt
 
-
 
-   read
 
 fi
 
 
 echo "openssl x509 -noout -text -hash -in $PREFIX-sv.selfcert -nameopt multiline"
 
 $OPENSSL x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline
 
 
+# revoke server cert
 
+touch $CAPREFIX-ca.db
 
+echo 01 > $CAPREFIX-ca.cnt
 
+echo "openssl ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt"
 
+$OPENSSL ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt
 
+
 
+# issue CRL
 
+echo "openssl ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl"
 
+$OPENSSL ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl
 
+
 
 echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der "
 
 $OPENSSL x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der
 
-read
 
 
 # all together now
 
 touch $PREFIX-sv.dhp