mirror of
https://github.com/mirror/wget.git
synced 2025-01-08 11:20:24 +08:00
2318c309d4
* Test-pinnedpubkey-hash-https.py: Read hashed pubkey from file * Test-pinnedpubkey-hash-no-check-fail-https.py: Use invalid hash * certs/make_ca.sh: New script to generate test certs non-interactive * certs/ca-template.cfg: New file (template for CA cert) * certs/server-template.cfg: New file (template for server cert) * certs/server-pubkey-sha256.base64: New file (pubkey sha256 hash)
24 lines
1.2 KiB
Bash
Executable File
24 lines
1.2 KiB
Bash
Executable File
#!/bin/sh -e
|
|
|
|
# create a self signed CA certificate
|
|
certtool --generate-privkey --outfile ca-key.pem
|
|
certtool --generate-self-signed --load-privkey ca-key.pem --template=ca-template.cfg --outfile ca-cert.pem
|
|
|
|
# create the server RSA private key
|
|
certtool --generate-privkey --outfile server-key.pem --rsa
|
|
|
|
# generate a server certificate using the private key only
|
|
certtool --generate-certificate --load-privkey server-key.pem --template=server-template.cfg --outfile server-cert.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
|
|
|
|
# create a CRL for the server certificate
|
|
certtool --generate-crl --load-ca-privkey ca-key.pem --load-ca-certificate ca-cert.pem --load-certificate server-cert.pem --outfile server-crl.pem --template=server-template.cfg
|
|
|
|
# generate a public key in PEM format
|
|
openssl x509 -noout -pubkey < server-cert.pem > server-pubkey.pem
|
|
|
|
# generate a public key in DER format
|
|
openssl x509 -noout -pubkey < server-cert.pem | openssl asn1parse -noout -inform pem -out server-pubkey.der
|
|
|
|
# generate a sha256 hash of the public key
|
|
openssl x509 -noout -pubkey < server-cert.pem | openssl asn1parse -noout -inform pem -out /dev/stdout | openssl dgst -sha256 -binary | openssl base64 > server-pubkey-sha256.base64
|