generate DSA certificate and RSA certificate with proper extensions for tests

Vincent Hanquez 2013-12-28 15:30:37 +00:00
parent fa0d01df0d
commit 5a3422cbbc
2 changed files with 90 additions and 11 deletions


@ -1,6 +1,85 @@
#!/bin/sh #!/bin/sh -e
openssl genrsa -out server.key 1024
openssl rsa -in server.key -out server.pem #make req
openssl req -new -subj '/CN=www.mytest.com/O=MyTest/C=US' -key server.key -out server.csr
openssl x509 -req -days 1000 -in server.csr -signkey server.key -out server.crt cat > server.rsa.req << EOF
[ req ]
default_bits = 2048
default_keyfile = server.rsa.key
distinguished_name = req_distinguished_name
req_extensions = v3_req
x509_extensions = v3_ca
[req_distinguished_name]
C_default = US
C_min = 2
C_max = 2
O =
O_default = MyTest
O.0U =
0.OU_default = default
1.OU_default = PKI
2.OU_default = ABCD
commonName_default = www.mytest.com
commonName_max = 64
emailAddress_default = test@test.com
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
subjectAltName = email:test@test.com
issuerAltName = issuer:copy
EOF
cat > server.dsa.req << EOF
[ req ]
keyfile = server.dsa.key
distinguished_name = req_distinguished_name
req_extensions = v3_req
x509_extensions = v3_ca
[req_distinguished_name]
C_default = US
C_min = 2
C_max = 2
O =
O_default = MyTest
O.0U =
0.OU_default = default
1.OU_default = PKI
2.OU_default = ABCD
commonName_default = www.mytest.com
commonName_max = 64
emailAddress_default = test@test.com
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
subjectAltName = email:test@test.com
issuerAltName = issuer:copy
EOF
openssl genrsa -out server.rsa.key 1024
#openssl rsa -in server.rsa.key -out server.pem
openssl req -config server.rsa.req -key server.rsa.key -new -nodes -out server.rsa.crt -extensions v3_req -x509
#openssl x509 -req -days 1000 -in server.rsa.req -signkey server.rsa.key -out server.rsa.crt
openssl dsaparam -out server.dsa.params 1024
openssl gendsa server.dsa.params -out server.dsa.key
openssl req -config server.dsa.req -key server.dsa.key -new -nodes -out server.dsa.crt -extensions v3_req -x509
#openssl x509 -req -days 1000 -in server.dsa.req -signkey server.dsa.key -out server.dsa.crt
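Review bot: Both `openssl req ... -x509` calls pass `-extensions v3_req`, which overrides `x509_extensions = v3_ca` from the generated config, so the `[ v3_ca ]` section (subjectKeyIdentifier, authorityKeyIdentifier, subjectAltName, issuerAltName) looks unused and the certificates carry only basicConstraints and keyUsage. If the v3_ca values are meant to be in the test certificates, either merge them into `[ v3_req ]` or drop the flag, and say which in a comment above the heredocs, e.g. `# v3_req is the section actually applied to the self-signed certs (see -extensions below)`. The old `-days 1000` is also gone, so the fixtures fall back to openssl's 30-day default and expire soon after generation; adding `-days 1000` to both `req` lines would keep the previous lifetime. Finally, `default_bits = 2048` has no effect because the key is pre-generated with `openssl genrsa -out server.rsa.key 1024`, a size some TLS peers reject as too short.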


@ -8,23 +8,23 @@ fi
PORT=$(($$ % 10000 + 10000)) PORT=$(($$ % 10000 + 10000))
if [ ! -f server.crt ]; then if [ ! -f server.rsa.crt ]; then
echo "generate some certificate \"server.crt\"" echo "generate some certificate \"server.rsa.crt\""
exit 2 exit 2
fi fi
if [ ! -f server.key ]; then if [ ! -f server.rsa.key ]; then
echo "generate some private key \"server.key\"" echo "generate some private key \"server.rsa.key\""
exit 2 exit 2
fi fi
echo "running stunnel" echo "running stunnel"
${STUNNEL} server --certificate server.crt --key server.key --source=localhost:${PORT} --destination-type=fd --destination=2 > stunnel-gnutls-log 2>&1 & ${STUNNEL} server --certificate server.rsa.crt --key server.rsa.key --certificate server.dsa.crt --key server.dsa.key --source=localhost:${PORT} --destination-type=fd --debug --destination=2 > stunnel-gnutls-log 2>&1 &
stunnelpid=$(pidof stunnel) stunnelpid=$(pidof stunnel)
STUNNELPID=$! STUNNELPID=$!
sleep 1 sleep 1
echo "starting gnutls cli debug" echo "starting gnutls cli debug"
gnutls-cli-debug localhost -p ${PORT} -VV gnutls-cli-debug localhost -p ${PORT} -V -V
kill ${STUNNELPID} kill ${STUNNELPID}
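Review bot: The existence guards were renamed to `server.rsa.crt` and `server.rsa.key`, but the stunnel command now also loads `server.dsa.crt` and `server.dsa.key`, and nothing checks for those two files. With a checkout that has only the RSA files, the server would presumably fail in the background and the error would surface only in `stunnel-gnutls-log`, while the script carries on to `gnutls-cli-debug`. Add a matching guard before "running stunnel", e.g. `if [ ! -f server.dsa.crt ] || [ ! -f server.dsa.key ]; then echo "generate DSA certificate and key \"server.dsa.crt\"/\"server.dsa.key\""; exit 2; fi`. The hunk starts at line 8 of the script, so the part that sets `STUNNEL` is outside this view.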