WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

White space updates and revert cnf changes in lieu of PR #1734

pull/1841/head
kaleb-himes 2018-09-19 14:54:19 -06:00
parent 4f6ee556dc
commit f3fd67c54b
2 changed files with 137 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
certs/renewcerts/wolfssl.cnf
View File

@ -11,13 +11,13 @@ oid_section = new_oids
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
#businessCategory=2.5.4.15
#streetAddress=2.5.4.9
#stateOrProvinceName=2.5.4.8
#countryName=2.5.4.6
#jurisdictionOfIncorporationLocalityName=1.3.6.1.4.1.311.60.2.1.1
#jurisdictionOfIncorporationStateOrProvinceName=1.3.6.1.4.1.311.60.2.1.2
#jurisdictionOfIncorporationCountryName=1.3.6.1.4.1.311.60.2.1.3
businessCategory=2.5.4.15
streetAddress=2.5.4.9
stateOrProvinceName=2.5.4.8
countryName=2.5.4.6
jurisdictionOfIncorporationLocalityName=1.3.6.1.4.1.311.60.2.1.1
jurisdictionOfIncorporationStateOrProvinceName=1.3.6.1.4.1.311.60.2.1.2
jurisdictionOfIncorporationCountryName=1.3.6.1.4.1.311.60.2.1.3
####################################################################
[ ca ]

260
certs/test/gen-testcerts.sh
View File

@ -10,158 +10,158 @@ check_result() {
# Args: 1=FileName, 2=CN, 3=AltName, 4=CA
build_test_cert_conf() {
echo "# Generated openssl conf" > "$1".conf
echo "" >> "$1".conf
echo "[ ca ]" >> "$1".conf
echo "default_ca = CA_default" >> "$1".conf
echo "[ CA_default ]" >> "$1".conf
echo "certificate = ../ca-cert.pem" >> "$1".conf
echo "database = ./index.txt" >> "$1".conf
echo "new_certs_dir = ./certs" >> "$1".conf
echo "private_key = ./private/cakey.pem" >> "$1".conf
echo "serial = ./serial" >> "$1".conf
echo "default_md = sha256" >> "$1".conf
echo "default_days = 1000" >> "$1".conf
echo "policy = default_ca_policy" >> "$1".conf
echo "" >> "$1".conf
echo "[ default_ca_policy ]" >> "$1".conf
echo "commonName = supplied" >> "$1".conf
echo "stateOrProvinceName = supplied" >> "$1".conf
echo "countryName = supplied" >> "$1".conf
echo "emailAddress = supplied" >> "$1".conf
echo "organizationName = optional" >> "$1".conf
echo "organizationalUnitName = optional" >> "$1".conf
echo "" >> "$1".conf
echo "[ req ]" >> "$1".conf
echo "prompt = no" >> "$1".conf
echo "default_bits = 2048" >> "$1".conf
echo "distinguished_name = req_distinguished_name" >> "$1".conf
if [ -n "$3" ]; then
echo "req_extensions = req_ext" >> "$1".conf
fi
if [ -n "$4" ]; then
echo "basicConstraints=CA:true,pathlen:0" >> "$1".conf
echo "" >> "$1".conf
fi
echo "" >> "$1".conf
echo "[ req_distinguished_name ]" >> "$1".conf
echo "C = US" >> "$1".conf
echo "ST = Montana" >> "$1".conf
echo "L = Bozeman" >> "$1".conf
echo "OU = Engineering" >> "$1".conf
echo "CN = $2" >> "$1".conf
echo "emailAddress = info@wolfssl.com" >> "$1".conf
echo "" >> "$1".conf
if [ -n "$3" ]; then
echo "[ req_ext ]" >> "$1".conf
if [ "$3" != *"DER"* ]; then
echo "subjectAltName = @alt_names" >> "$1".conf
echo "[alt_names]" >> "$1".conf
echo "DNS.1 = $3" >> "$1".conf
else
echo "subjectAltName = $3" >> "$1".conf
fi
fi
echo "# Generated openssl conf" > "$1".conf
echo "" >> "$1".conf
echo "[ ca ]" >> "$1".conf
echo "default_ca = CA_default" >> "$1".conf
echo "[ CA_default ]" >> "$1".conf
echo "certificate = ../ca-cert.pem" >> "$1".conf
echo "database = ./index.txt" >> "$1".conf
echo "new_certs_dir = ./certs" >> "$1".conf
echo "private_key = ./private/cakey.pem" >> "$1".conf
echo "serial = ./serial" >> "$1".conf
echo "default_md = sha256" >> "$1".conf
echo "default_days = 1000" >> "$1".conf
echo "policy = default_ca_policy" >> "$1".conf
echo "" >> "$1".conf
echo "[ default_ca_policy ]" >> "$1".conf
echo "commonName = supplied" >> "$1".conf
echo "stateOrProvinceName = supplied" >> "$1".conf
echo "countryName = supplied" >> "$1".conf
echo "emailAddress = supplied" >> "$1".conf
echo "organizationName = optional" >> "$1".conf
echo "organizationalUnitName = optional" >> "$1".conf
echo "" >> "$1".conf
echo "[ req ]" >> "$1".conf
echo "prompt = no" >> "$1".conf
echo "default_bits = 2048" >> "$1".conf
echo "distinguished_name = req_distinguished_name" >> "$1".conf
if [ -n "$3" ]; then
echo "req_extensions = req_ext" >> "$1".conf
fi
if [ -n "$4" ]; then
echo "basicConstraints=CA:true,pathlen:0" >> "$1".conf
echo "" >> "$1".conf
fi
echo "" >> "$1".conf
echo "[ req_distinguished_name ]" >> "$1".conf
echo "C = US" >> "$1".conf
echo "ST = Montana" >> "$1".conf
echo "L = Bozeman" >> "$1".conf
echo "OU = Engineering" >> "$1".conf
echo "CN = $2" >> "$1".conf
echo "emailAddress = info@wolfssl.com" >> "$1".conf
echo "" >> "$1".conf
if [ -n "$3" ]; then
echo "[ req_ext ]" >> "$1".conf
if [ "$3" != *"DER"* ]; then
echo "subjectAltName = @alt_names" >> "$1".conf
echo "[alt_names]" >> "$1".conf
echo "DNS.1 = $3" >> "$1".conf
else
echo "subjectAltName = $3" >> "$1".conf
fi
fi
}
# Args: 1=FileName
generate_test_cert() {
rm "$1".der
rm "$1".pem
rm "$1".der
rm "$1".pem
echo "step 1 create configuration"
build_test_cert_conf "$1" "$2" "$3"
check_result $?
echo "step 1 create configuration"
build_test_cert_conf "$1" "$2" "$3"
check_result $?
echo "step 2 create csr"
openssl req -new -sha256 -out "$1".csr -key ../server-key.pem -config "$1".conf
check_result $?
echo "step 2 create csr"
openssl req -new -sha256 -out "$1".csr -key ../server-key.pem -config "$1".conf
check_result $?
echo "step 3 check csr"
openssl req -text -noout -in "$1".csr
check_result $?
echo "step 3 check csr"
openssl req -text -noout -in "$1".csr
check_result $?
echo "step 4 create cert"
if [ "$3" = "" ]; then
openssl x509 -req -days 1000 -sha256 \
-in "$1".csr -signkey ../server-key.pem \
-out "$1".pem -extfile "$1".conf
else
openssl x509 -req -days 1000 -sha256 \
-in "$1".csr -signkey ../server-key.pem \
-out "$1".pem -extensions req_ext -extfile "$1".conf
fi
check_result $?
rm "$1".conf
rm "$1".csr
echo "step 4 create cert"
if [ "$3" = "" ]; then
openssl x509 -req -days 1000 -sha256 \
-in "$1".csr -signkey ../server-key.pem \
-out "$1".pem -extfile "$1".conf
else
openssl x509 -req -days 1000 -sha256 \
-in "$1".csr -signkey ../server-key.pem \
-out "$1".pem -extensions req_ext -extfile "$1".conf
fi
check_result $?
rm "$1".conf
rm "$1".csr
if [ -n "$4" ]; then
echo "step 5 generate crl"
mkdir ../crl/demoCA
touch ../crl/demoCA/index.txt
echo "01" > ../crl/crlnumber
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 \
-out crl.revoked -keyfile ../server-key.pem -cert "$1".pem
check_result $?
rm ../crl/"$1"Crl.pem
openssl crl -in crl.revoked -text > tmp.pem
check_result $?
mv tmp.pem ../crl/"$1"Crl.pem
rm crl.revoked
rm -rf ../crl/demoCA
rm ../crl/crlnumber*
fi
if [ -n "$4" ]; then
echo "step 5 generate crl"
mkdir ../crl/demoCA
touch ../crl/demoCA/index.txt
echo "01" > ../crl/crlnumber
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 \
-out crl.revoked -keyfile ../server-key.pem -cert "$1".pem
check_result $?
rm ../crl/"$1"Crl.pem
openssl crl -in crl.revoked -text > tmp.pem
check_result $?
mv tmp.pem ../crl/"$1"Crl.pem
rm crl.revoked
rm -rf ../crl/demoCA
rm ../crl/crlnumber*
fi
echo "step 6 add cert text information to pem"
openssl x509 -inform pem -in "$1".pem -text > tmp.pem
check_result $?
mv tmp.pem "$1".pem
echo "step 6 add cert text information to pem"
openssl x509 -inform pem -in "$1".pem -text > tmp.pem
check_result $?
mv tmp.pem "$1".pem
echo "step 7 make binary der version"
openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der
check_result $?
echo "step 7 make binary der version"
openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der
check_result $?
}
generate_expired_certs() {
rm "$1".der
rm "$1".pem
rm "$1".der
rm "$1".pem
mkdir -p certs
touch ./index.txt
echo 1000 > ./serial
mkdir -p certs
touch ./index.txt
echo 1000 > ./serial
echo "step 1 create configuration"
build_test_cert_conf "$1" www.wolfssl.com 0 "$3"
check_result $?
echo "step 1 create configuration"
build_test_cert_conf "$1" www.wolfssl.com 0 "$3"
check_result $?
echo "step 2 create csr"
openssl req -new -sha256 -out "$1".csr -key "$2" -config "$1".conf
check_result $?
echo "step 2 create csr"
openssl req -new -sha256 -out "$1".csr -key "$2" -config "$1".conf
check_result $?
echo "step 3 check csr"
openssl req -text -noout -in "$1".csr
check_result $?
echo "step 3 check csr"
openssl req -text -noout -in "$1".csr
check_result $?
echo "step 4 create cert"
openssl ca -config ../renewcerts/wolfssl.cnf -selfsign -config "$1".conf \
-keyfile "$2" -in "$1".csr -out "$1".pem \
-startdate 201807310000Z -enddate 201808300000Z -batch
check_result $?
rm "$1".conf
rm "$1".csr
echo "step 4 create cert"
openssl ca -config ../renewcerts/wolfssl.cnf -selfsign -config "$1".conf \
-keyfile "$2" -in "$1".csr -out "$1".pem \
-startdate 201807310000Z -enddate 201808300000Z -batch
check_result $?
rm "$1".conf
rm "$1".csr
echo "step 5 add cert text information to pem"
openssl x509 -inform pem -in "$1".pem -text > tmp.pem
check_result $?
mv tmp.pem "$1".pem
echo "step 5 add cert text information to pem"
openssl x509 -inform pem -in "$1".pem -text > tmp.pem
check_result $?
mv tmp.pem "$1".pem
echo "step 7 make binary der version"
openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der
check_result $?
echo "step 7 make binary der version"
openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der
check_result $?
rm -rf certs
rm ./index.txt*
rm ./serial*
rm -rf certs
rm ./index.txt*
rm ./serial*
}
# Generate Good CN=localhost, Alt=None