diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-06-29 14:24:42 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-06-29 14:24:42 +0000 |
commit | 18d7158809c9722f4c6d2a8af7513577274f9b56 (patch) | |
tree | 21cf503b096928ae887c28b997622eb4ee6bfd70 /demos | |
parent | 0f39bab0df4109bab7effc7428e1d759f36d8642 (diff) |
Add certificate callback. If set this is called whenever a certificate
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
Diffstat (limited to 'demos')
-rw-r--r-- | demos/certs/apps/mkxcerts.sh | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/demos/certs/apps/mkxcerts.sh b/demos/certs/apps/mkxcerts.sh new file mode 100644 index 0000000000..88fb1c57c7 --- /dev/null +++ b/demos/certs/apps/mkxcerts.sh @@ -0,0 +1,29 @@ + +# Create certificates using various algorithms to test multi-certificate +# functionality. + +OPENSSL=../../../apps/openssl +CN="OpenSSL Test RSA SHA-1 cert" $OPENSSL req \ + -config apps.cnf -extensions usr_cert -x509 -nodes \ + -keyout tsha1.pem -out tsha1.pem -new -days 3650 -sha1 +CN="OpenSSL Test RSA SHA-256 cert" $OPENSSL req \ + -config apps.cnf -extensions usr_cert -x509 -nodes \ + -keyout tsha256.pem -out tsha256.pem -new -days 3650 -sha256 +CN="OpenSSL Test RSA SHA-512 cert" $OPENSSL req \ + -config apps.cnf -extensions usr_cert -x509 -nodes \ + -keyout tsha512.pem -out tsha512.pem -new -days 3650 -sha512 + +# Create EC parameters + +$OPENSSL ecparam -name P-256 -out ecp256.pem +$OPENSSL ecparam -name P-384 -out ecp384.pem + +CN="OpenSSL Test P-256 SHA-256 cert" $OPENSSL req \ + -config apps.cnf -extensions usr_cert -x509 -nodes \ + -nodes -keyout tecp256.pem -out tecp256.pem -newkey ec:ecp256.pem \ + -days 3650 -sha256 + +CN="OpenSSL Test P-384 SHA-384 cert" $OPENSSL req \ + -config apps.cnf -extensions usr_cert -x509 -nodes \ + -nodes -keyout tecp384.pem -out tecp384.pem -newkey ec:ecp384.pem \ + -days 3650 -sha384 |