annotate tests/sslcerts/README @ 41722:37b33c34bf4f

templatekw: add a {negrev} keyword Revision numbers are getting much maligned for two reasons: they are too long in large repos and users get confused by their local-only nature. It just occurred to me that negative revision numbers avoid both of those problems. Since negative revision numbers change whenever the repo changes, it's much more obvious that they are a local-only convenience. Additionally, for the recent commits that we usually care about the most, negative revision numbers are always near zero. This commit adds a negrev templatekw to more easily expose negative revision numbers. It's not easy to reliably produce this output with existing keywords due to hidden commits while at the same time ensuring good performance.
author Jordi Gutiérrez Hermoso <jordigh@octave.org>
date Fri, 15 Feb 2019 14:43:31 -0500
parents 43f3c0df2fab
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
29526
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
1 Generate a private key (priv.pem):
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
2
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
3 $ openssl genrsa -out priv.pem 2048
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
4
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
5 Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
6
29579
43f3c0df2fab tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
7 $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
43f3c0df2fab tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
8 -out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
43f3c0df2fab tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
9 $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
43f3c0df2fab tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
10 -out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
29331
1e02d9576194 tests: extract SSL certificates from test-https.t
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
11
29526
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
12 Now generate an expired certificate by turning back the system time:
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
13
29579
43f3c0df2fab tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
14 $ faketime 2016-01-01T00:00:00Z \
43f3c0df2fab tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
15 openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
43f3c0df2fab tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
16 -out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
29331
1e02d9576194 tests: extract SSL certificates from test-https.t
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
17
29526
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
18 Generate a certificate not yet active by advancing the system time:
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
19
29579
43f3c0df2fab tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
20 $ faketime 2030-01-1T00:00:00Z \
43f3c0df2fab tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
21 openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
43f3c0df2fab tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29526
diff changeset
22 -out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
29526
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
23
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
24 Generate a passphrase protected client certificate private key:
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
25
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
26 $ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
27
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
28 Create a copy of the private key without a passphrase:
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
29
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
30 $ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem
29331
1e02d9576194 tests: extract SSL certificates from test-https.t
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
31
29526
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
32 Create a CSR and sign the key using the server keypair:
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
33
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
34 $ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
35 openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
36 $ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
37 -set_serial 01 -out client-cert.pem
29331
1e02d9576194 tests: extract SSL certificates from test-https.t
Yuya Nishihara <yuya@tcha.org>
parents:
diff changeset
38
29526
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
39 When replacing the certificates, references to certificate fingerprints will
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
40 need to be updated in test files.
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
41
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
42 Fingerprints for certs can be obtained by running:
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
43
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
44 $ openssl x509 -in pub.pem -noout -sha1 -fingerprint
9d02bed8477b tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents: 29331
diff changeset
45 $ openssl x509 -in pub.pem -noout -sha256 -fingerprint