From 7d5c61d02c718e0c2ca8c060e57fdac96a233163 Mon Sep 17 00:00:00 2001 From: estark Date: Mon, 30 Mar 2015 23:19:02 -0700 Subject: [PATCH] Update generate-cross-signed-certs.sh to use SHA256 instead of SHA1 The script already tries to use a SHA256 root by default (as specified in ca.cnf) and fails because a SHA256 root isn't generated by the script. This change makes the script run without having to set ALGO=sha1. BUG=471784 Review URL: https://codereview.chromium.org/1048903002 Cr-Commit-Position: refs/heads/master@{#322987} --- net/cert/cert_verify_proc_unittest.cc | 2 +- net/data/ssl/certificates/README | 2 +- net/data/ssl/certificates/cross-signed-leaf.pem | 164 ++++++++++----------- .../ssl/certificates/cross-signed-root-md5.pem | 150 +++++++++---------- .../ssl/certificates/cross-signed-root-sha1.pem | 75 ---------- .../ssl/certificates/cross-signed-root-sha256.pem | 75 ++++++++++ .../ssl/scripts/generate-cross-signed-certs.sh | 57 +++---- 7 files changed, 263 insertions(+), 262 deletions(-) rewrite net/data/ssl/certificates/cross-signed-leaf.pem (80%) rewrite net/data/ssl/certificates/cross-signed-root-md5.pem (81%) delete mode 100644 net/data/ssl/certificates/cross-signed-root-sha1.pem create mode 100644 net/data/ssl/certificates/cross-signed-root-sha256.pem diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc index bb90923055f5..ed6f028b2002 100644 --- a/net/cert/cert_verify_proc_unittest.cc +++ b/net/cert/cert_verify_proc_unittest.cc @@ -440,7 +440,7 @@ TEST_F(CertVerifyProcTest, MAYBE_ExtraneousMD5RootCert) { ASSERT_NE(static_cast(NULL), extra_cert.get()); scoped_refptr root_cert = - ImportCertFromFile(certs_dir, "cross-signed-root-sha1.pem"); + ImportCertFromFile(certs_dir, "cross-signed-root-sha256.pem"); ASSERT_NE(static_cast(NULL), root_cert.get()); ScopedTestRoot scoped_root(root_cert.get()); diff --git a/net/data/ssl/certificates/README b/net/data/ssl/certificates/README index a17cc474079c..3f76a2a101cc 100644 --- a/net/data/ssl/certificates/README +++ b/net/data/ssl/certificates/README @@ -178,7 +178,7 @@ unit tests. ===== From net/data/ssl/scripts/generate-cross-signed-certs.sh - cross-signed-leaf.pem - cross-signed-root-md5.pem -- cross-signed-root-sha1.pem +- cross-signed-root-sha256.pem A certificate chain for regression testing http://crbug.com/108514 ===== From net/data/ssl/scripts/generate-redundant-test-chains.sh diff --git a/net/data/ssl/certificates/cross-signed-leaf.pem b/net/data/ssl/certificates/cross-signed-leaf.pem dissimilarity index 80% index 563c0575eabf..0e5bda1c0d55 100644 --- a/net/data/ssl/certificates/cross-signed-leaf.pem +++ b/net/data/ssl/certificates/cross-signed-leaf.pem @@ -1,82 +1,82 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 236 (0xec) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=Test Dup-Hash Root CA - Validity - Not Before: Jul 1 22:15:21 2013 GMT - Not After : Jun 29 22:15:21 2023 GMT - Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:b7:96:78:e6:03:94:d8:22:d8:88:01:b2:00:93: - 86:a1:c0:d9:49:5f:23:40:93:f8:ec:3f:9e:b2:b3: - 9d:70:ea:6d:83:6c:05:fd:7c:04:be:61:0f:3b:12: - 54:cf:36:fd:0b:33:b9:e8:6f:ea:2a:fd:6c:9a:1f: - a9:8d:e9:1b:77:0f:7b:cd:14:1c:5c:b2:0f:8b:b7: - 97:14:7c:25:78:e0:26:3c:e0:e6:8a:f7:6f:25:5d: - 45:34:c3:fe:26:67:d7:69:8d:21:e9:b4:86:59:86: - cb:15:fa:10:dc:d3:30:57:da:0d:a5:c7:ee:16:f6: - 56:89:e3:51:7e:e6:2d:8d:9c:6f:3f:ca:57:3b:bc: - 1e:81:58:28:a1:ff:0f:d9:0b:44:a5:04:9d:a4:4f: - 68:5a:67:46:80:1b:df:24:40:49:ac:4c:85:70:f3: - 84:47:81:cf:8d:cc:4b:e2:b0:4b:1f:33:ed:c3:a0: - 7d:8c:d5:a0:4c:43:68:fb:2a:59:74:25:2b:ef:da: - 3c:db:75:6c:84:b4:1e:fa:f1:26:40:03:7c:f7:04: - cf:99:70:9a:49:10:f6:91:1c:30:2d:a7:33:5f:7e: - 92:4e:b0:91:4f:24:35:92:92:e3:77:99:db:6f:21: - 4d:82:b8:01:f8:d6:5e:cc:1a:20:1e:d9:3e:d7:1d: - fb:dd - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Key Identifier: - 80:2C:F6:3D:68:54:4C:34:20:8F:76:5B:06:97:BB:9E:40:8D:28:3E - X509v3 Authority Key Identifier: - keyid:96:2A:53:9C:77:4D:AC:DD:C3:62:E8:7C:3A:53:66:E6:B1:9E:D0:5F - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Subject Alternative Name: - IP Address:127.0.0.1 - Signature Algorithm: sha1WithRSAEncryption - 78:fb:0b:4a:4f:9e:6d:76:b7:c0:27:0f:06:92:a9:c1:97:d9: - cd:15:5d:9b:18:93:2a:06:95:bc:48:e9:4e:02:ac:92:a5:c8: - 6a:71:1d:69:a2:8d:ae:bd:cf:5b:d9:c3:5e:cb:db:01:13:1b: - c7:13:fd:22:f6:ca:48:ca:98:de:93:54:48:15:38:1f:22:c8: - 2f:fb:71:73:2e:f5:d2:7e:48:91:6e:9a:c7:0b:51:96:d6:c1: - c0:2a:d4:3c:69:3e:dd:1d:7d:d4:b1:0f:d1:d3:41:ca:a8:22: - 8f:19:9d:a7:91:7b:25:26:4e:c6:e8:3b:9b:e7:cd:c4:f2:c5: - 63:c3:10:6f:93:03:b1:c6:e9:05:db:1e:cf:42:19:72:b2:b2: - cf:30:a0:99:70:6c:fb:4e:7f:ca:a5:3b:8b:83:72:10:77:04: - e4:96:a9:8e:70:2d:c0:54:71:5e:76:8f:4c:20:33:d6:78:f2: - d9:6a:2c:b0:7a:1e:82:08:3d:e8:59:87:e9:a0:3c:84:3d:b4: - 60:38:01:89:04:93:d0:3e:36:5d:57:aa:03:4f:ca:46:80:a0: - d2:2c:d0:59:18:b1:fb:66:84:39:4d:90:c5:20:d7:4b:03:11: - 77:b4:fd:24:58:d9:1f:dc:4d:34:f7:c9:54:59:3f:8e:1a:17: - e8:b1:65:a5 ------BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgICAOwwDQYJKoZIhvcNAQEFBQAwIDEeMBwGA1UEAwwVVGVz -dCBEdXAtSGFzaCBSb290IENBMB4XDTEzMDcwMTIyMTUyMVoXDTIzMDYyOTIyMTUy -MVowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM -DU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEyNy4w -LjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALeWeOYDlNgi2IgB -sgCThqHA2UlfI0CT+Ow/nrKznXDqbYNsBf18BL5hDzsSVM82/Qszuehv6ir9bJof -qY3pG3cPe80UHFyyD4u3lxR8JXjgJjzg5or3byVdRTTD/iZn12mNIem0hlmGyxX6 -ENzTMFfaDaXH7hb2VonjUX7mLY2cbz/KVzu8HoFYKKH/D9kLRKUEnaRPaFpnRoAb -3yRASaxMhXDzhEeBz43MS+KwSx8z7cOgfYzVoExDaPsqWXQlK+/aPNt1bIS0Hvrx -JkADfPcEz5lwmkkQ9pEcMC2nM19+kk6wkU8kNZKS43eZ228hTYK4AfjWXswaIB7Z -Ptcd+90CAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIAs9j1oVEw0 -II92WwaXu55AjSg+MB8GA1UdIwQYMBaAFJYqU5x3Tazdw2LofDpTZuaxntBfMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHREECDAGhwR/AAABMA0G -CSqGSIb3DQEBBQUAA4IBAQB4+wtKT55tdrfAJw8GkqnBl9nNFV2bGJMqBpW8SOlO -AqySpchqcR1poo2uvc9b2cNey9sBExvHE/0i9spIypjek1RIFTgfIsgv+3FzLvXS -fkiRbprHC1GW1sHAKtQ8aT7dHX3UsQ/R00HKqCKPGZ2nkXslJk7G6Dub583E8sVj -wxBvkwOxxukF2x7PQhlysrLPMKCZcGz7Tn/KpTuLg3IQdwTklqmOcC3AVHFedo9M -IDPWePLZaiyweh6CCD3oWYfpoDyEPbRgOAGJBJPQPjZdV6oDT8pGgKDSLNBZGLH7 -ZoQ5TZDFINdLAxF3tP0kWNkf3E0098lUWT+OGhfosWWl ------END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test Dup-Hash Root CA + Validity + Not Before: Mar 31 04:22:42 2015 GMT + Not After : Mar 28 04:22:42 2025 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b2:98:4c:42:b8:4a:63:4e:e0:2d:ec:eb:57:b1: + 88:9f:c4:13:f0:7f:41:0f:c8:39:b3:1e:63:6b:67: + 4c:e7:07:8e:f5:a4:62:b0:4b:dd:75:5d:50:16:54: + fe:e5:ae:b1:76:aa:ba:c4:f3:55:79:b3:b4:fc:59: + 23:b3:09:2e:e8:ac:eb:cd:16:6f:c9:5b:88:c4:d0: + 94:29:05:0f:1b:68:cf:cd:80:b9:45:c7:37:4b:84: + ff:e5:a8:49:8d:5d:2f:59:ae:f6:ee:bb:5a:94:7b: + 3b:25:62:c4:3f:ab:8b:9e:58:af:31:ca:9e:26:9a: + 03:20:87:7b:c2:42:19:65:86:d8:7a:b3:dd:91:57: + f5:d2:4e:d4:20:2b:1d:ce:cb:25:e5:45:6e:e1:35: + 12:7b:bb:d7:23:c2:e9:a6:cf:f6:32:73:cf:e0:5b: + 75:73:6f:74:b5:7e:87:ce:98:ab:e8:b9:05:f6:f1: + 6c:94:26:62:f3:8c:cf:e1:ba:17:fc:a9:e4:fb:2f: + 1f:8f:ce:91:be:72:ba:e3:d0:a6:44:2e:89:7e:92: + 15:eb:c2:2d:a2:13:0a:83:6b:6c:09:3a:9c:9c:68: + 63:6b:16:7f:a3:d0:07:f9:8b:c3:bf:43:37:8d:70: + bc:a9:cf:a4:0d:c4:72:a1:c6:6b:b9:a9:bd:a9:8f: + 43:67 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 78:F8:09:99:91:78:5B:B0:8B:60:B2:C7:41:B1:0C:26:29:0F:ED:91 + X509v3 Authority Key Identifier: + keyid:C2:03:2C:7F:26:8E:42:C0:C9:99:2A:10:75:E6:13:94:12:60:48:E1 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 9c:6a:25:23:9f:10:dd:14:9c:37:d4:71:dd:86:d0:0b:5b:d7: + d0:2c:fc:a6:ec:c1:7a:aa:86:a4:87:ac:a3:5a:a7:a6:9c:8a: + 57:3d:2a:60:ca:2e:47:47:ce:12:30:1e:59:d5:e7:be:9f:be: + 89:44:8c:2e:ad:2a:62:da:07:13:84:d7:4f:a5:f8:fe:07:51: + 3a:32:6b:28:98:cf:1c:90:6d:26:64:d7:98:e5:c8:0b:03:91: + 3b:48:60:93:5f:67:b0:7a:08:93:b7:37:f9:56:e4:06:4d:fd: + ff:38:d2:72:d4:15:d4:6d:4f:6a:46:18:d9:24:ae:92:c8:65: + ef:49:f8:f7:4e:3b:2f:fa:f8:9a:a9:af:29:41:fb:cf:b6:36: + 41:5f:51:bb:40:e6:43:05:fd:ca:5f:b3:91:50:60:48:13:c5: + bf:f8:30:c5:1d:97:a6:d6:6b:77:0d:ff:9d:01:b1:8a:5e:b4: + 26:fd:42:f8:63:c1:cf:44:d0:09:d1:e4:ff:9a:75:7b:5a:32: + 7e:f9:64:12:f0:10:83:62:81:af:4c:ee:0c:25:c0:a8:b4:26: + a2:35:15:04:98:52:49:3e:ea:01:90:66:90:04:55:5e:5d:7d: + f8:4e:40:78:3c:b3:a0:d8:dc:5d:ff:0b:ed:d6:4e:2e:94:f7: + ac:84:b3:d0 +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVUZXN0 +IER1cC1IYXNoIFJvb3QgQ0EwHhcNMTUwMzMxMDQyMjQyWhcNMjUwMzI4MDQyMjQy +WjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN +TW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3LjAu +MC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsphMQrhKY07gLezr +V7GIn8QT8H9BD8g5sx5ja2dM5weO9aRisEvddV1QFlT+5a6xdqq6xPNVebO0/Fkj +swku6KzrzRZvyVuIxNCUKQUPG2jPzYC5Rcc3S4T/5ahJjV0vWa727rtalHs7JWLE +P6uLnlivMcqeJpoDIId7wkIZZYbYerPdkVf10k7UICsdzssl5UVu4TUSe7vXI8Lp +ps/2MnPP4Ft1c290tX6Hzpir6LkF9vFslCZi84zP4boX/Knk+y8fj86RvnK649Cm +RC6JfpIV68ItohMKg2tsCTqcnGhjaxZ/o9AH+YvDv0M3jXC8qc+kDcRyocZruam9 +qY9DZwIDAQABo4GAMH4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUePgJmZF4W7CL +YLLHQbEMJikP7ZEwHwYDVR0jBBgwFoAUwgMsfyaOQsDJmSoQdeYTlBJgSOEwHQYD +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBH8AAAEwDQYJ +KoZIhvcNAQELBQADggEBAJxqJSOfEN0UnDfUcd2G0Atb19As/KbswXqqhqSHrKNa +p6acilc9KmDKLkdHzhIwHlnV576fvolEjC6tKmLaBxOE10+l+P4HUToyayiYzxyQ +bSZk15jlyAsDkTtIYJNfZ7B6CJO3N/lW5AZN/f840nLUFdRtT2pGGNkkrpLIZe9J ++PdOOy/6+JqprylB+8+2NkFfUbtA5kMF/cpfs5FQYEgTxb/4MMUdl6bWa3cN/50B +sYpetCb9Qvhjwc9E0AnR5P+adXtaMn75ZBLwEINiga9M7gwlwKi0JqI1FQSYUkk+ +6gGQZpAEVV5dffhOQHg8s6DY3F3/C+3WTi6U96yEs9A= +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/cross-signed-root-md5.pem b/net/data/ssl/certificates/cross-signed-root-md5.pem dissimilarity index 81% index 24f2dab9f3c6..1b949755c9a8 100644 --- a/net/data/ssl/certificates/cross-signed-root-md5.pem +++ b/net/data/ssl/certificates/cross-signed-root-md5.pem @@ -1,75 +1,75 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 9681607970376803213 (0x865bfb2758e6638d) - Signature Algorithm: md5WithRSAEncryption - Issuer: CN=Test Dup-Hash Root CA - Validity - Not Before: Jul 1 22:15:21 2013 GMT - Not After : Jun 29 22:15:21 2023 GMT - Subject: CN=Test Dup-Hash Root CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:de:f6:bf:8a:9b:10:4f:4c:c8:e7:9d:38:f8:ce: - fc:f9:02:89:38:05:be:2e:cc:bc:18:8d:cc:32:cb: - 65:06:21:b6:12:1a:af:fc:98:60:26:60:e7:60:57: - 68:24:17:d6:6c:f9:f1:0f:5b:a9:ae:55:a3:fc:84: - c7:b4:0d:e6:71:98:e5:a5:6a:3a:30:05:35:22:59: - 29:d3:27:4c:82:c4:1c:d6:2b:19:78:c7:2c:6e:75: - c0:bb:5f:3c:c0:9f:ed:0f:72:10:59:0d:cd:88:08: - 76:9b:e1:fc:1d:7d:d1:d0:d7:e1:76:d8:44:9c:c4: - 80:3e:d1:09:cb:67:07:81:ed:1a:fc:68:15:3a:11: - f8:f8:8e:02:8b:ec:e3:c5:e6:84:7f:99:79:cf:d8: - 9e:54:ea:3e:65:3c:ae:cb:4f:a5:4a:3b:32:65:00: - 92:45:e5:cd:2a:38:f3:18:b2:1d:62:8e:3c:a5:89: - 47:6a:0d:43:87:68:82:10:5d:e3:db:70:e5:60:9c: - 13:c4:87:54:3d:3c:7b:f1:b4:16:b6:4b:b9:23:74: - a4:a1:91:e2:61:29:63:37:b2:74:ec:49:a1:94:35: - 34:fd:c6:5c:55:54:14:14:eb:e1:12:22:28:0a:9e: - 10:b4:37:54:e6:50:93:85:87:0f:c1:34:ca:cb:76: - 12:8f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Subject Key Identifier: - 96:2A:53:9C:77:4D:AC:DD:C3:62:E8:7C:3A:53:66:E6:B1:9E:D0:5F - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - Signature Algorithm: md5WithRSAEncryption - 2d:0f:96:87:ae:0d:e6:47:c7:5b:b7:5c:d3:85:7a:b0:1b:e0: - 6e:43:1f:c7:8d:ab:1b:5a:5b:bf:3b:a4:de:4b:45:bd:f6:59: - 12:b2:56:7e:4c:ea:67:e9:bc:23:09:ba:e8:89:55:78:98:55: - b0:12:bf:92:3c:45:e7:ec:56:f7:88:1d:10:f3:68:1a:84:97: - 26:44:90:e5:19:09:77:94:08:2c:f1:27:1e:bb:09:6d:36:47: - de:e2:7d:b4:fb:d5:8d:11:d7:09:9e:22:16:3e:e9:67:de:2b: - e6:6b:25:f6:02:b1:9c:5f:27:62:fe:21:a1:58:8f:b0:68:7d: - 44:1a:b4:af:b1:1b:c3:5d:84:d0:a4:1c:57:4c:28:2d:64:4f: - c6:19:93:c2:96:7d:b0:1f:80:e5:08:a0:14:1f:03:0c:ab:90: - c5:c9:01:22:36:39:66:a9:38:9d:8f:89:34:da:60:85:6e:de: - 47:33:78:d3:52:ea:0b:8d:38:70:8a:6b:b1:72:18:8e:e2:01: - 28:df:23:4a:18:9c:65:7e:f9:42:04:84:62:67:40:31:16:9d: - 09:0c:d6:2c:b6:86:5d:d0:b4:08:af:ca:d3:4e:a2:2c:15:d7: - c8:48:5c:92:ee:33:84:2d:6e:5e:97:f3:f7:ee:1a:30:fc:83: - 50:60:80:7a ------BEGIN CERTIFICATE----- -MIIDBTCCAe2gAwIBAgIJAIZb+ydY5mONMA0GCSqGSIb3DQEBBAUAMCAxHjAcBgNV -BAMMFVRlc3QgRHVwLUhhc2ggUm9vdCBDQTAeFw0xMzA3MDEyMjE1MjFaFw0yMzA2 -MjkyMjE1MjFaMCAxHjAcBgNVBAMMFVRlc3QgRHVwLUhhc2ggUm9vdCBDQTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN72v4qbEE9MyOedOPjO/PkCiTgF -vi7MvBiNzDLLZQYhthIar/yYYCZg52BXaCQX1mz58Q9bqa5Vo/yEx7QN5nGY5aVq -OjAFNSJZKdMnTILEHNYrGXjHLG51wLtfPMCf7Q9yEFkNzYgIdpvh/B190dDX4XbY -RJzEgD7RCctnB4HtGvxoFToR+PiOAovs48XmhH+Zec/YnlTqPmU8rstPpUo7MmUA -kkXlzSo48xiyHWKOPKWJR2oNQ4doghBd49tw5WCcE8SHVD08e/G0FrZLuSN0pKGR -4mEpYzeydOxJoZQ1NP3GXFVUFBTr4RIiKAqeELQ3VOZQk4WHD8E0yst2Eo8CAwEA -AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUlipTnHdNrN3DYuh8OlNm -5rGe0F8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBAUAA4IBAQAtD5aHrg3m -R8dbt1zThXqwG+BuQx/HjasbWlu/O6TeS0W99lkSslZ+TOpn6bwjCbroiVV4mFWw -Er+SPEXn7Fb3iB0Q82gahJcmRJDlGQl3lAgs8SceuwltNkfe4n20+9WNEdcJniIW -Puln3ivmayX2ArGcXydi/iGhWI+waH1EGrSvsRvDXYTQpBxXTCgtZE/GGZPCln2w -H4DlCKAUHwMMq5DFyQEiNjlmqTidj4k02mCFbt5HM3jTUuoLjThwimuxchiO4gEo -3yNKGJxlfvlCBIRiZ0AxFp0JDNYstoZd0LQIr8rTTqIsFdfISFyS7jOELW5el/P3 -7how/INQYIB6 ------END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10718220368358975735 (0x94bec4a33064a8f7) + Signature Algorithm: md5WithRSAEncryption + Issuer: CN=Test Dup-Hash Root CA + Validity + Not Before: Mar 31 04:22:42 2015 GMT + Not After : Mar 28 04:22:42 2025 GMT + Subject: CN=Test Dup-Hash Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:c1:3a:b7:c8:7a:cc:0c:62:28:82:1d:5b:8d: + ca:14:09:aa:d2:80:fe:07:19:88:ff:1c:42:5f:39: + 5c:97:5d:34:7a:07:44:4d:78:6c:bf:7f:c3:b2:99: + 85:cd:21:94:a8:bf:f9:4e:51:5e:37:bf:19:31:30: + d4:c7:a3:f4:30:b1:48:c2:c3:b1:1b:ef:cd:0d:1b: + 7c:6d:3b:0c:18:2b:fe:c7:73:89:d2:15:64:c1:92: + 2c:23:33:cf:d4:25:71:f4:80:c7:23:4b:6e:68:80: + f6:11:c8:19:11:ff:97:6d:f0:d0:37:a2:eb:ff:88: + 93:60:59:aa:ea:b8:d1:b7:16:50:c1:0e:9a:aa:a1: + 1d:89:6e:88:0a:4b:fd:3d:69:4b:28:52:d4:4f:d0: + d3:47:a6:ca:7e:96:95:15:ca:8f:e1:39:0c:66:d8: + 87:8f:67:93:61:56:6c:28:ee:09:1f:64:8c:a3:e1: + 00:ae:d3:97:4a:5c:dd:ba:b0:70:05:5e:81:25:c6: + 79:05:56:87:d6:bf:cc:07:94:99:97:c7:b1:4b:5e: + d4:1c:52:07:dc:55:e5:ad:1c:34:31:41:b0:00:c1: + 65:22:73:79:35:0f:5d:9c:5b:9f:c9:b4:43:f0:ec: + 77:c3:8f:93:3d:d3:e2:90:07:5b:e2:51:d4:81:4f: + 45:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + C2:03:2C:7F:26:8E:42:C0:C9:99:2A:10:75:E6:13:94:12:60:48:E1 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: md5WithRSAEncryption + 3a:35:20:4c:8b:71:aa:d8:c4:d8:90:55:df:e1:f2:b7:e2:08: + 47:30:65:f4:e9:49:e9:54:20:8d:a9:97:52:70:5e:b5:6f:3e: + 31:12:0c:bc:ea:42:db:38:70:e6:05:03:78:6e:2d:21:a8:04: + ec:70:6b:c7:aa:ea:e6:ab:26:5b:5a:b2:a5:4a:44:48:fa:20: + 42:99:bb:e3:96:60:a9:1a:09:51:54:72:5c:27:05:59:1a:09: + f8:94:77:3c:ee:ab:08:68:e2:6d:ec:fb:74:5e:ec:f0:bf:76: + cd:6e:4a:9c:a1:7b:91:fc:8d:e9:1e:09:7e:60:8e:91:69:84: + 97:52:63:a0:0b:d6:ba:ec:48:c4:b3:c2:e2:fe:2d:0e:ef:48: + f3:f9:c3:c2:bd:40:e2:95:82:20:c9:63:81:35:b7:1e:18:08: + c0:38:bd:6c:df:e0:67:64:a4:c6:b2:93:1d:c5:c8:19:59:ab: + e0:fb:67:bc:dd:bd:4d:18:5f:04:de:a9:a5:c6:7e:fc:41:f6: + 53:07:91:1b:01:3c:cb:41:91:88:af:3f:86:b0:17:ab:40:b3: + 85:4a:88:12:3a:dc:1f:ac:c5:4c:0a:46:22:cb:98:8b:a7:85: + a7:c7:a4:44:69:82:60:93:dc:22:d5:55:5f:16:8f:ef:4f:ac: + f8:e6:84:4f +-----BEGIN CERTIFICATE----- +MIIDBTCCAe2gAwIBAgIJAJS+xKMwZKj3MA0GCSqGSIb3DQEBBAUAMCAxHjAcBgNV +BAMMFVRlc3QgRHVwLUhhc2ggUm9vdCBDQTAeFw0xNTAzMzEwNDIyNDJaFw0yNTAz +MjgwNDIyNDJaMCAxHjAcBgNVBAMMFVRlc3QgRHVwLUhhc2ggUm9vdCBDQTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/BOrfIeswMYiiCHVuNyhQJqtKA +/gcZiP8cQl85XJddNHoHRE14bL9/w7KZhc0hlKi/+U5RXje/GTEw1Mej9DCxSMLD +sRvvzQ0bfG07DBgr/sdzidIVZMGSLCMzz9QlcfSAxyNLbmiA9hHIGRH/l23w0Dei +6/+Ik2BZquq40bcWUMEOmqqhHYluiApL/T1pSyhS1E/Q00emyn6WlRXKj+E5DGbY +h49nk2FWbCjuCR9kjKPhAK7Tl0pc3bqwcAVegSXGeQVWh9a/zAeUmZfHsUte1BxS +B9xV5a0cNDFBsADBZSJzeTUPXZxbn8m0Q/Dsd8OPkz3T4pAHW+JR1IFPRYUCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUwgMsfyaOQsDJmSoQdeYT +lBJgSOEwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBAUAA4IBAQA6NSBMi3Gq +2MTYkFXf4fK34ghHMGX06UnpVCCNqZdScF61bz4xEgy86kLbOHDmBQN4bi0hqATs +cGvHqurmqyZbWrKlSkRI+iBCmbvjlmCpGglRVHJcJwVZGgn4lHc87qsIaOJt7Pt0 +Xuzwv3bNbkqcoXuR/I3pHgl+YI6RaYSXUmOgC9a67EjEs8Li/i0O70jz+cPCvUDi +lYIgyWOBNbceGAjAOL1s3+BnZKTGspMdxcgZWavg+2e83b1NGF8E3qmlxn78QfZT +B5EbATzLQZGIrz+GsBerQLOFSogSOtwfrMVMCkYiy5iLp4Wnx6REaYJgk9wi1VVf +Fo/vT6z45oRP +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/cross-signed-root-sha1.pem b/net/data/ssl/certificates/cross-signed-root-sha1.pem deleted file mode 100644 index 71df04f4b660..000000000000 --- a/net/data/ssl/certificates/cross-signed-root-sha1.pem +++ /dev/null @@ -1,75 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 16026332507200838417 (0xde68f88110005b11) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=Test Dup-Hash Root CA - Validity - Not Before: Jul 1 22:15:21 2013 GMT - Not After : Jun 29 22:15:21 2023 GMT - Subject: CN=Test Dup-Hash Root CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:de:f6:bf:8a:9b:10:4f:4c:c8:e7:9d:38:f8:ce: - fc:f9:02:89:38:05:be:2e:cc:bc:18:8d:cc:32:cb: - 65:06:21:b6:12:1a:af:fc:98:60:26:60:e7:60:57: - 68:24:17:d6:6c:f9:f1:0f:5b:a9:ae:55:a3:fc:84: - c7:b4:0d:e6:71:98:e5:a5:6a:3a:30:05:35:22:59: - 29:d3:27:4c:82:c4:1c:d6:2b:19:78:c7:2c:6e:75: - c0:bb:5f:3c:c0:9f:ed:0f:72:10:59:0d:cd:88:08: - 76:9b:e1:fc:1d:7d:d1:d0:d7:e1:76:d8:44:9c:c4: - 80:3e:d1:09:cb:67:07:81:ed:1a:fc:68:15:3a:11: - f8:f8:8e:02:8b:ec:e3:c5:e6:84:7f:99:79:cf:d8: - 9e:54:ea:3e:65:3c:ae:cb:4f:a5:4a:3b:32:65:00: - 92:45:e5:cd:2a:38:f3:18:b2:1d:62:8e:3c:a5:89: - 47:6a:0d:43:87:68:82:10:5d:e3:db:70:e5:60:9c: - 13:c4:87:54:3d:3c:7b:f1:b4:16:b6:4b:b9:23:74: - a4:a1:91:e2:61:29:63:37:b2:74:ec:49:a1:94:35: - 34:fd:c6:5c:55:54:14:14:eb:e1:12:22:28:0a:9e: - 10:b4:37:54:e6:50:93:85:87:0f:c1:34:ca:cb:76: - 12:8f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Subject Key Identifier: - 96:2A:53:9C:77:4D:AC:DD:C3:62:E8:7C:3A:53:66:E6:B1:9E:D0:5F - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - Signature Algorithm: sha1WithRSAEncryption - 82:0e:89:6b:05:a5:56:b1:0f:79:19:9f:1e:88:c9:7a:ba:fc: - 7e:9b:58:39:64:38:89:64:c6:59:c6:be:d1:c1:d7:41:bb:ac: - 68:22:61:df:27:0f:ee:00:90:8f:8a:27:ab:dc:46:6f:d3:f2: - 5e:1e:02:1f:8b:56:9f:83:6d:8d:a4:2a:2e:e3:f1:f1:91:ec: - c9:1c:f2:10:b7:7d:47:f4:1b:ff:75:c5:a9:74:5c:d7:f8:41: - c3:51:30:9d:bf:13:f6:24:82:70:15:83:2f:0d:e4:ce:8f:3a: - ff:92:d5:7d:6d:1a:66:6e:4a:15:4f:c3:c3:45:8d:12:09:c8: - 0c:58:db:6b:3c:7b:3f:65:49:ea:5d:72:c3:3d:9b:a5:5f:72: - 9f:72:d6:32:44:4f:cc:79:2a:c1:22:01:5e:0a:cf:2b:f7:03: - c6:bf:15:4b:d1:5a:ab:0f:c5:8f:11:6c:73:e9:a5:60:90:18: - ec:c2:dc:27:ce:f8:f1:95:d3:8e:df:29:c5:4a:dc:35:db:ed: - 71:ee:33:2e:71:69:6f:29:fd:40:b2:ff:66:19:81:c7:4d:c3: - e8:19:ad:d0:23:b3:7f:57:4e:95:15:52:dc:bf:65:b4:02:59: - dc:07:c4:e9:08:88:bf:c1:a4:1b:6e:79:3f:38:02:fd:11:93: - a8:f0:11:65 ------BEGIN CERTIFICATE----- -MIIDBTCCAe2gAwIBAgIJAN5o+IEQAFsRMA0GCSqGSIb3DQEBBQUAMCAxHjAcBgNV -BAMMFVRlc3QgRHVwLUhhc2ggUm9vdCBDQTAeFw0xMzA3MDEyMjE1MjFaFw0yMzA2 -MjkyMjE1MjFaMCAxHjAcBgNVBAMMFVRlc3QgRHVwLUhhc2ggUm9vdCBDQTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN72v4qbEE9MyOedOPjO/PkCiTgF -vi7MvBiNzDLLZQYhthIar/yYYCZg52BXaCQX1mz58Q9bqa5Vo/yEx7QN5nGY5aVq -OjAFNSJZKdMnTILEHNYrGXjHLG51wLtfPMCf7Q9yEFkNzYgIdpvh/B190dDX4XbY -RJzEgD7RCctnB4HtGvxoFToR+PiOAovs48XmhH+Zec/YnlTqPmU8rstPpUo7MmUA -kkXlzSo48xiyHWKOPKWJR2oNQ4doghBd49tw5WCcE8SHVD08e/G0FrZLuSN0pKGR -4mEpYzeydOxJoZQ1NP3GXFVUFBTr4RIiKAqeELQ3VOZQk4WHD8E0yst2Eo8CAwEA -AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUlipTnHdNrN3DYuh8OlNm -5rGe0F8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCCDolrBaVW -sQ95GZ8eiMl6uvx+m1g5ZDiJZMZZxr7RwddBu6xoImHfJw/uAJCPiier3EZv0/Je -HgIfi1afg22NpCou4/HxkezJHPIQt31H9Bv/dcWpdFzX+EHDUTCdvxP2JIJwFYMv -DeTOjzr/ktV9bRpmbkoVT8PDRY0SCcgMWNtrPHs/ZUnqXXLDPZulX3KfctYyRE/M -eSrBIgFeCs8r9wPGvxVL0VqrD8WPEWxz6aVgkBjswtwnzvjxldOO3ynFStw12+1x -7jMucWlvKf1Asv9mGYHHTcPoGa3QI7N/V06VFVLcv2W0AlncB8TpCIi/waQbbnk/ -OAL9EZOo8BFl ------END CERTIFICATE----- diff --git a/net/data/ssl/certificates/cross-signed-root-sha256.pem b/net/data/ssl/certificates/cross-signed-root-sha256.pem new file mode 100644 index 000000000000..2ea6280b2c19 --- /dev/null +++ b/net/data/ssl/certificates/cross-signed-root-sha256.pem @@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14676396172197038779 (0xcbad088f4ab50abb) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test Dup-Hash Root CA + Validity + Not Before: Mar 31 04:22:42 2015 GMT + Not After : Mar 28 04:22:42 2025 GMT + Subject: CN=Test Dup-Hash Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:c1:3a:b7:c8:7a:cc:0c:62:28:82:1d:5b:8d: + ca:14:09:aa:d2:80:fe:07:19:88:ff:1c:42:5f:39: + 5c:97:5d:34:7a:07:44:4d:78:6c:bf:7f:c3:b2:99: + 85:cd:21:94:a8:bf:f9:4e:51:5e:37:bf:19:31:30: + d4:c7:a3:f4:30:b1:48:c2:c3:b1:1b:ef:cd:0d:1b: + 7c:6d:3b:0c:18:2b:fe:c7:73:89:d2:15:64:c1:92: + 2c:23:33:cf:d4:25:71:f4:80:c7:23:4b:6e:68:80: + f6:11:c8:19:11:ff:97:6d:f0:d0:37:a2:eb:ff:88: + 93:60:59:aa:ea:b8:d1:b7:16:50:c1:0e:9a:aa:a1: + 1d:89:6e:88:0a:4b:fd:3d:69:4b:28:52:d4:4f:d0: + d3:47:a6:ca:7e:96:95:15:ca:8f:e1:39:0c:66:d8: + 87:8f:67:93:61:56:6c:28:ee:09:1f:64:8c:a3:e1: + 00:ae:d3:97:4a:5c:dd:ba:b0:70:05:5e:81:25:c6: + 79:05:56:87:d6:bf:cc:07:94:99:97:c7:b1:4b:5e: + d4:1c:52:07:dc:55:e5:ad:1c:34:31:41:b0:00:c1: + 65:22:73:79:35:0f:5d:9c:5b:9f:c9:b4:43:f0:ec: + 77:c3:8f:93:3d:d3:e2:90:07:5b:e2:51:d4:81:4f: + 45:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + C2:03:2C:7F:26:8E:42:C0:C9:99:2A:10:75:E6:13:94:12:60:48:E1 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + b9:b4:6f:2a:c5:07:99:6c:be:11:32:7c:17:eb:d7:00:54:25: + 6a:24:65:0a:11:09:ff:d5:25:46:0b:07:f4:8c:f5:63:77:4b: + 5e:12:50:d4:1a:c1:57:44:d4:2b:de:a3:ce:75:29:1b:76:1a: + ed:5f:86:af:6c:be:aa:a0:66:e2:01:43:c6:0b:f4:2b:65:bc: + c5:79:83:71:05:d0:d7:57:2a:7f:32:30:4b:9c:18:81:a6:9e: + a2:02:b9:71:62:fe:f8:f0:86:59:0f:59:42:e7:87:94:29:39: + 7f:1d:bd:b1:b5:76:4e:41:47:9e:20:39:3d:60:c1:2b:7f:ec: + d6:47:e7:45:df:08:16:fa:f9:ff:90:c9:b1:94:e6:e8:60:b4: + 90:09:e0:a8:0f:96:c6:dc:9e:da:82:2d:d2:19:da:db:14:ec: + f3:39:20:da:f8:b4:31:45:36:77:c6:07:e9:d6:a1:0c:36:f7: + c5:66:95:7d:17:10:d2:b4:10:ac:f2:84:f2:81:f9:60:04:cc: + 9e:08:bd:9c:bd:0b:b5:78:8e:f3:5f:fd:7b:8e:e8:82:08:4f: + 64:69:c9:0f:a0:06:50:b8:92:a9:f2:ca:17:2d:19:fe:9a:fd: + c9:2a:c3:93:58:96:c6:9a:4a:a9:17:c9:ff:c0:3b:02:69:30: + e4:3a:6d:71 +-----BEGIN CERTIFICATE----- +MIIDBTCCAe2gAwIBAgIJAMutCI9KtQq7MA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV +BAMMFVRlc3QgRHVwLUhhc2ggUm9vdCBDQTAeFw0xNTAzMzEwNDIyNDJaFw0yNTAz +MjgwNDIyNDJaMCAxHjAcBgNVBAMMFVRlc3QgRHVwLUhhc2ggUm9vdCBDQTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/BOrfIeswMYiiCHVuNyhQJqtKA +/gcZiP8cQl85XJddNHoHRE14bL9/w7KZhc0hlKi/+U5RXje/GTEw1Mej9DCxSMLD +sRvvzQ0bfG07DBgr/sdzidIVZMGSLCMzz9QlcfSAxyNLbmiA9hHIGRH/l23w0Dei +6/+Ik2BZquq40bcWUMEOmqqhHYluiApL/T1pSyhS1E/Q00emyn6WlRXKj+E5DGbY +h49nk2FWbCjuCR9kjKPhAK7Tl0pc3bqwcAVegSXGeQVWh9a/zAeUmZfHsUte1BxS +B9xV5a0cNDFBsADBZSJzeTUPXZxbn8m0Q/Dsd8OPkz3T4pAHW+JR1IFPRYUCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUwgMsfyaOQsDJmSoQdeYT +lBJgSOEwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQC5tG8qxQeZ +bL4RMnwX69cAVCVqJGUKEQn/1SVGCwf0jPVjd0teElDUGsFXRNQr3qPOdSkbdhrt +X4avbL6qoGbiAUPGC/QrZbzFeYNxBdDXVyp/MjBLnBiBpp6iArlxYv748IZZD1lC +54eUKTl/Hb2xtXZOQUeeIDk9YMErf+zWR+dF3wgW+vn/kMmxlOboYLSQCeCoD5bG +3J7agi3SGdrbFOzzOSDa+LQxRTZ3xgfp1qEMNvfFZpV9FxDStBCs8oTygflgBMye +CL2cvQu1eI7zX/17juiCCE9kackPoAZQuJKp8soXLRn+mv3JKsOTWJbGmkqpF8n/ +wDsCaTDkOm1x +-----END CERTIFICATE----- diff --git a/net/data/ssl/scripts/generate-cross-signed-certs.sh b/net/data/ssl/scripts/generate-cross-signed-certs.sh index c9f94d02230f..f5a7024911f9 100755 --- a/net/data/ssl/scripts/generate-cross-signed-certs.sh +++ b/net/data/ssl/scripts/generate-cross-signed-certs.sh @@ -5,51 +5,55 @@ # found in the LICENSE file. # This script generates a two roots - one legacy one signed with MD5, and -# another (newer) one signed with SHA1 - and has a leaf certificate signed +# another (newer) one signed with SHA256 - and has a leaf certificate signed # by these without any distinguishers. # -# The "cross-signed" comes from the fact that both the MD5 and SHA1 roots share -# the same Authority Key ID, Subject Key ID, Subject, and Subject Public Key -# Info. When the chain building algorithm is evaluating paths, if it prefers +# The "cross-signed" comes from the fact that both the MD5 and SHA256 roots +# share the same Authority Key ID, Subject Key ID, Subject, and Subject Public +# Key Info. When the chain building algorithm is evaluating paths, if it prefers # untrusted over trusted, then it will see the MD5 certificate as a self-signed -# cert that is "cross-signed" by the trusted SHA1 root. +# cert that is "cross-signed" by the trusted SHA256 root. # -# The SHA1 root should be (temporarily) trusted, and the resulting chain -# should be leaf -> SHA1root, not leaf -> MD5root, leaf -> SHA1root -> MD5root, -# or leaf -> MD5root -> SHA1root +# The SHA256 root should be (temporarily) trusted, and the resulting chain +# should be leaf -> SHA256root, not leaf -> MD5root, leaf -> SHA256root -> +# MD5root, or leaf -> MD5root -> SHA256root try() { echo "$@" "$@" || exit 1 } +quiet_try() { + "$@" || exit 1 +} + try rm -rf out try mkdir out -try /bin/sh -c "echo 01 > out/2048-sha1-root-serial" +try /bin/sh -c "echo 01 > out/2048-sha256-root-serial" try /bin/sh -c "echo 02 > out/2048-md5-root-serial" -touch out/2048-sha1-root-index.txt +touch out/2048-sha256-root-index.txt touch out/2048-md5-root-index.txt # Generate the key -try openssl genrsa -out out/2048-sha1-root.key 2048 +try openssl genrsa -out out/2048-sha256-root.key 2048 # Generate the root certificate CA_COMMON_NAME="Test Dup-Hash Root CA" \ try openssl req \ -new \ - -key out/2048-sha1-root.key \ - -out out/2048-sha1-root.req \ + -key out/2048-sha256-root.key \ + -out out/2048-sha256-root.req \ -config ca.cnf CA_COMMON_NAME="Test Dup-Hash Root CA" \ try openssl x509 \ -req -days 3650 \ - -sha1 \ - -in out/2048-sha1-root.req \ - -out out/2048-sha1-root.pem \ + -sha256 \ + -in out/2048-sha256-root.req \ + -out out/2048-sha256-root.pem \ -text \ - -signkey out/2048-sha1-root.key \ + -signkey out/2048-sha256-root.key \ -extfile ca.cnf \ -extensions ca_cert @@ -57,10 +61,10 @@ CA_COMMON_NAME="Test Dup-Hash Root CA" \ try openssl x509 \ -req -days 3650 \ -md5 \ - -in out/2048-sha1-root.req \ + -in out/2048-sha256-root.req \ -out out/2048-md5-root.pem \ -text \ - -signkey out/2048-sha1-root.key \ + -signkey out/2048-sha256-root.key \ -extfile ca.cnf \ -extensions ca_cert @@ -81,12 +85,9 @@ CA_COMMON_NAME="Test Dup-Hash Root CA" \ -out out/ok_cert.pem \ -config ca.cnf -try openssl x509 -text \ - -in out/2048-md5-root.pem \ - -out ../certificates/cross-signed-root-md5.pem -try openssl x509 -text \ - -in out/2048-sha1-root.pem \ - -out ../certificates/cross-signed-root-sha1.pem -try openssl x509 -text \ - -in out/ok_cert.pem \ - -out ../certificates/cross-signed-leaf.pem +quiet_try openssl x509 -text \ + -in out/2048-md5-root.pem > ../certificates/cross-signed-root-md5.pem +quiet_try openssl x509 -text \ + -in out/2048-sha256-root.pem > ../certificates/cross-signed-root-sha256.pem +quiet_try openssl x509 -text \ + -in out/ok_cert.pem > ../certificates/cross-signed-leaf.pem -- 2.11.4.GIT