curl/tests/certs/scripts/genroot.sh
Daniel Stenberg e73fe837a8 - Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
  verification of cert names etc. This made an error show up in the OpenSSL-
  specific code where it would attempt to match the CN field even if a
  subjectAltName exists that doesn't match. This is now fixed and verified
  in test 311.
2009-08-11 21:48:58 +00:00

64 lines
2.0 KiB
Bash
Executable File

#!/bin/bash
# (c) CopyRight EdelWeb for EdelKey and OpenEvidence, 2000-2004, 2009
# Author: Peter Sylvester
# "libre" for integration with curl
OPENSSL=openssl
if [ -f /usr/local/ssl/bin/openssl ] ; then
OPENSSL=/usr/local/ssl/bin/openssl
fi
USAGE="echo Usage is genroot.sh \<name\>"
HOME=`pwd`
cd $HOME
KEYSIZE=2048
DURATION=6000
PREFIX=$1
if [ ".$PREFIX" = . ] ; then
echo No configuration prefix
NOTOK=1
else
if [ ! -f $PREFIX-ca.prm ] ; then
echo No configuration file $PREFIX-ca.prm
NOTOK=1
fi
fi
if [ ".$NOTOK" != . ] ; then
echo "Sorry, I can't do that for you."
$USAGE
exit
fi
GETSERIAL="\$t = time ;\$d = \$t . substr(\$t+$$ ,-4,4)-1;print \$d"
SERIAL=`/usr/bin/env perl -e "$GETSERIAL"`
echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE
echo "openssl req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr"
$OPENSSL req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert -sha1 "
$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL-ca.cacert -sha1
echo "openssl x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline"
$OPENSSL x509 -text -hash -out $PREFIX-ca.cacert -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline
echo "openssl x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der "
$OPENSSL x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der
echo "openssl x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline"
$OPENSSL x509 -in $PREFIX-ca.cacert -text -out $PREFIX-ca.crt -nameopt multiline
echo "openssl x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline"
$OPENSSL x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline
#$OPENSSL rsa -in ../keys/$PREFIX-ca.key -text -noout -pubout