diff options
Diffstat (limited to 'test/certs/setup.sh')
-rwxr-xr-x | test/certs/setup.sh | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 9606c77bb7..f34104613f 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -32,6 +32,14 @@ openssl x509 -in root-nonca.pem -trustout \ openssl x509 -in root-nonca.pem -trustout \ -addtrust anyExtendedKeyUsage -out nroot+anyEKU.pem +# Root CA security level variants: +# MD5 self-signature +OPENSSL_SIGALG=md5 \ +./mkcert.sh genroot "Root CA" root-key root-cert-md5 +# 768-bit key +OPENSSL_KEYBITS=768 \ +./mkcert.sh genroot "Root CA" root-key-768 root-cert-768 + # primary client-EKU root: croot-cert # trust variants: +serverAuth -serverAuth +clientAuth +anyEKU -anyEKU # @@ -97,6 +105,18 @@ openssl x509 -in ca-nonca.pem -trustout \ openssl x509 -in ca-nonca.pem -trustout \ -addtrust serverAuth -out nca+anyEKU.pem +# Intermediate CA security variants: +# MD5 issuer signature, +OPENSSL_SIGALG=md5 \ +./mkcert.sh genca "CA" ca-key ca-cert-md5 root-key root-cert +openssl x509 -in ca-cert-md5.pem -trustout \ + -addtrust anyExtendedKeyUsage -out ca-cert-md5-any.pem +# Issuer has 768-bit key +./mkcert.sh genca "CA" ca-key ca-cert-768i root-key-768 root-cert-768 +# CA has 768-bit key +OPENSSL_KEYBITS=768 \ +./mkcert.sh genca "CA" ca-key-768 ca-cert-768 root-key root-cert + # client intermediate ca: cca-cert # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth # @@ -152,3 +172,13 @@ openssl x509 -in ee-client.pem -trustout \ -addtrust clientAuth -out ee+clientAuth.pem openssl x509 -in ee-client.pem -trustout \ -addreject clientAuth -out ee-clientAuth.pem + +# Leaf cert security level variants +# MD5 issuer signature +OPENSSL_SIGALG=md5 \ +./mkcert.sh genee server.example ee-key ee-cert-md5 ca-key ca-cert +# 768-bit issuer key +./mkcert.sh genee server.example ee-key ee-cert-768i ca-key-768 ca-cert-768 +# 768-bit leaf key +OPENSSL_KEYBITS=768 \ +./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert |