Mercurial: tests/sslcerts/README annotate

annotate tests/sslcerts/README @ 39939:e85462d48cb3 stable

manifest: rewrite pathlen() to not cross entry boundary Even though the entire manifest data should be terminated by '\0', it seems not nice to scan '\0' over the entry terminator, '\n'.

author	Yuya Nishihara <yuya@tcha.org>
date	Wed, 05 Sep 2018 21:32:45 +0900
parents	43f3c0df2fab
children

rev	line source
29526 9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	1 Generate a private key (priv.pem):
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	2
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	3 $ openssl genrsa -out priv.pem 2048
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	4
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	5 Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	6
29579 43f3c0df2fab tests: update test certificate generation instructions Gregory Szorc <gregory.szorc@gmail.com> parents: 29526 diff changeset	7 $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
43f3c0df2fab tests: update test certificate generation instructions Gregory Szorc <gregory.szorc@gmail.com> parents: 29526 diff changeset	8 -out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
43f3c0df2fab tests: update test certificate generation instructions Gregory Szorc <gregory.szorc@gmail.com> parents: 29526 diff changeset	9 $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
43f3c0df2fab tests: update test certificate generation instructions Gregory Szorc <gregory.szorc@gmail.com> parents: 29526 diff changeset	10 -out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: diff changeset	11
29526 9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	12 Now generate an expired certificate by turning back the system time:
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	13
29579 43f3c0df2fab tests: update test certificate generation instructions Gregory Szorc <gregory.szorc@gmail.com> parents: 29526 diff changeset	14 $ faketime 2016-01-01T00:00:00Z \
43f3c0df2fab tests: update test certificate generation instructions Gregory Szorc <gregory.szorc@gmail.com> parents: 29526 diff changeset	15 openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
43f3c0df2fab tests: update test certificate generation instructions Gregory Szorc <gregory.szorc@gmail.com> parents: 29526 diff changeset	16 -out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: diff changeset	17
29526 9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	18 Generate a certificate not yet active by advancing the system time:
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	19
29579 43f3c0df2fab tests: update test certificate generation instructions Gregory Szorc <gregory.szorc@gmail.com> parents: 29526 diff changeset	20 $ faketime 2030-01-1T00:00:00Z \
43f3c0df2fab tests: update test certificate generation instructions Gregory Szorc <gregory.szorc@gmail.com> parents: 29526 diff changeset	21 openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
43f3c0df2fab tests: update test certificate generation instructions Gregory Szorc <gregory.szorc@gmail.com> parents: 29526 diff changeset	22 -out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
29526 9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	23
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	24 Generate a passphrase protected client certificate private key:
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	25
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	26 $ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	27
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	28 Create a copy of the private key without a passphrase:
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	29
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	30 $ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: diff changeset	31
29526 9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	32 Create a CSR and sign the key using the server keypair:
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	33
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	34 $ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' \| \
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	35 openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	36 $ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	37 -set_serial 01 -out client-cert.pem
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: diff changeset	38
29526 9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	39 When replacing the certificates, references to certificate fingerprints will
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	40 need to be updated in test files.
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	41
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	42 Fingerprints for certs can be obtained by running:
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	43
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	44 $ openssl x509 -in pub.pem -noout -sha1 -fingerprint
9d02bed8477b tests: regenerate x509 test certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	45 $ openssl x509 -in pub.pem -noout -sha256 -fingerprint

Mercurial > hg

annotate tests/sslcerts/README @ 39939:e85462d48cb3 stable