Mercurial > hg
annotate tests/sslcerts/README @ 41722:37b33c34bf4f
templatekw: add a {negrev} keyword
Revision numbers are getting much maligned for two reasons: they are
too long in large repos and users get confused by their local-only
nature. It just occurred to me that negative revision numbers avoid
both of those problems. Since negative revision numbers change
whenever the repo changes, it's much more obvious that they are a
local-only convenience. Additionally, for the recent commits that we
usually care about the most, negative revision numbers are always near
zero.
This commit adds a negrev templatekw to more easily expose negative
revision numbers. It's not easy to reliably produce this output with
existing keywords due to hidden commits while at the same time
ensuring good performance.
author | Jordi Gutiérrez Hermoso <jordigh@octave.org> |
---|---|
date | Fri, 15 Feb 2019 14:43:31 -0500 |
parents | 43f3c0df2fab |
children |
rev | line source |
---|---|
29526
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
1 Generate a private key (priv.pem): |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
2 |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
3 $ openssl genrsa -out priv.pem 2048 |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
4 |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
5 Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem): |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
6 |
29579
43f3c0df2fab
tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29526
diff
changeset
|
7 $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \ |
43f3c0df2fab
tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29526
diff
changeset
|
8 -out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' |
43f3c0df2fab
tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29526
diff
changeset
|
9 $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \ |
43f3c0df2fab
tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29526
diff
changeset
|
10 -out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' |
29331
1e02d9576194
tests: extract SSL certificates from test-https.t
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
11 |
29526
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
12 Now generate an expired certificate by turning back the system time: |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
13 |
29579
43f3c0df2fab
tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29526
diff
changeset
|
14 $ faketime 2016-01-01T00:00:00Z \ |
43f3c0df2fab
tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29526
diff
changeset
|
15 openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \ |
43f3c0df2fab
tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29526
diff
changeset
|
16 -out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' |
29331
1e02d9576194
tests: extract SSL certificates from test-https.t
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
17 |
29526
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
18 Generate a certificate not yet active by advancing the system time: |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
19 |
29579
43f3c0df2fab
tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29526
diff
changeset
|
20 $ faketime 2030-01-1T00:00:00Z \ |
43f3c0df2fab
tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29526
diff
changeset
|
21 openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \ |
43f3c0df2fab
tests: update test certificate generation instructions
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29526
diff
changeset
|
22 -out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/' |
29526
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
23 |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
24 Generate a passphrase protected client certificate private key: |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
25 |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
26 $ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048 |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
27 |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
28 Create a copy of the private key without a passphrase: |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
29 |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
30 $ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem |
29331
1e02d9576194
tests: extract SSL certificates from test-https.t
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
31 |
29526
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
32 Create a CSR and sign the key using the server keypair: |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
33 |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
34 $ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \ |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
35 openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
36 $ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \ |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
37 -set_serial 01 -out client-cert.pem |
29331
1e02d9576194
tests: extract SSL certificates from test-https.t
Yuya Nishihara <yuya@tcha.org>
parents:
diff
changeset
|
38 |
29526
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
39 When replacing the certificates, references to certificate fingerprints will |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
40 need to be updated in test files. |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
41 |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
42 Fingerprints for certs can be obtained by running: |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
43 |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
44 $ openssl x509 -in pub.pem -noout -sha1 -fingerprint |
9d02bed8477b
tests: regenerate x509 test certificates
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29331
diff
changeset
|
45 $ openssl x509 -in pub.pem -noout -sha256 -fingerprint |