History log of /curl/tests/certs/scripts/genroot.sh (Results 1 – 14 of 14)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 9d32724c 01-Nov-2024 Viktor Szakats

certs: add missing `-CAcreateserial` option for LibreSSL

Also:
- display openssl path and version.
- quote a string.

Follow-up to 9b0c0d6ade052c46cf72d2fd43017bacb0ba07f6 #1

certs: add missing `-CAcreateserial` option for LibreSSL

Also:
- display openssl path and version.
- quote a string.

Follow-up to 9b0c0d6ade052c46cf72d2fd43017bacb0ba07f6 #15129

Closes #15471

show more ...


# 9b0c0d6a 02-Oct-2024 Viktor Szakats

tests: let openssl generate random cert serials

Generate the certificate serial numbers automatically instead of doing
from shell (or Perl earlier).

Fixes intermittent CI failur

tests: let openssl generate random cert serials

Generate the certificate serial numbers automatically instead of doing
from shell (or Perl earlier).

Fixes intermittent CI failures due to the shell-based random generator
generating the same serial number twice:
```
$ openssl ca -config EdelCurlRoot-ca.cnf -revoke Server-localhost0h-sv.crt
Using configuration from EdelCurlRoot-ca.cnf
ERROR:Already revoked, serial number 66FDB23A
make: *** [../../../tests/certs/Server-localhost0h-sv.pem] Error 1
```
https://github.com/curl/curl/actions/runs/11151401083/job/30994755798?pr=15128#step:10:498

Follow-up to fa461b4eff52b413f88debf543b5350a6cef4724 #14486
Follow-up to fa69b41c7790fab86fd363242c81d8ef2e89e183 #13307
Closes #15129

show more ...


# fa69b41c 07-Apr-2024 Viktor Szakats

GHA: add shellcheck job and fix warnings, shell tidy-ups

Reviewed-by: Daniel Stenberg
Closes #13307


# 2bc1d775 02-Jan-2023 Daniel Stenberg

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205

show more ...


# ef07452a 23-Dec-2022 Paul Howarth

tests: avoid use of sha1 in certificates

The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RH

tests: avoid use of sha1 in certificates

The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RHEL-9 and derivatives, which are not willing to use certificates using
that algorithm. The fix is to use sha256 instead, which is already used
for most of the other certificates in the test suite.

Fixes #10135

This gets rid of issues related to sha1 signatures.

Manual steps after "make clean-certs" and "make build-certs":

- Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
(make clean-certs does not remove the original tests/stunnel.pem)

- Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
options of tests/data/test2041 and tests/data/test2087

Closes #10153

show more ...


# f7029718 25-Nov-2022 Stefan Eissing

tests: add authorityInfoAccess to generated certs

Generate stunnel.pem as well

Closes #9980


# 9178208a 02-Sep-2022 Daniel Stenberg

tests/certs/scripts: insert standard curl source headers

... including the SPDX-License-Identifier.

These omissions were not detected by the RUEUSE CI job nor the copyright.pl
s

tests/certs/scripts: insert standard curl source headers

... including the SPDX-License-Identifier.

These omissions were not detected by the RUEUSE CI job nor the copyright.pl
scanners because we have a general wildcard in .reuse/dep5 for
"tests/certs/*".

Reported-by: Samuel Henrique
Fixes #9417
Closes #9420

show more ...


Revision tags: curl-7_76_1, curl-7_76_0, curl-7_75_0, curl-7_74_0, curl-7_73_0, tiny-curl-7_72_0, curl-7_72_0, curl-7_71_1, curl-7_71_0, curl-7_70_0
# 9a8b3b3e 23-Mar-2020 Daniel Stenberg

copyright: fix out-of-date copyright ranges and missing headers

Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyrigh

copyright: fix out-of-date copyright ranges and missing headers

Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.

Removed three (mostly usesless) README files from docs/

Closes #5141

show more ...


Revision tags: curl-7_69_1, curl-7_69_0, curl-7_68_0, curl-7_67_0, curl-7_66_0, curl-7_65_3, curl-7_65_2, curl-7_65_1, curl-7_65_0, curl-7_64_1, curl-7_64_0, curl-7_63_0, curl-7_62_0
# b801b453 23-Sep-2018 Viktor Szakats

whitespace fixes

- replace tabs with spaces where possible
- remove line ending spaces
- remove double/triple newlines at EOF
- fix a non-UTF-8 character
- cleanup a few inde

whitespace fixes

- replace tabs with spaces where possible
- remove line ending spaces
- remove double/triple newlines at EOF
- fix a non-UTF-8 character
- cleanup a few indentations/line continuations
in manual examples

Closes https://github.com/curl/curl/pull/3037

show more ...


# ba782baa 19-Sep-2018 Daniel Stenberg

certs: generate tests certs with sha256 digest algorithm

As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:

"SSL certificate problem: CA signature digest algorithm too weak"

certs: generate tests certs with sha256 digest algorithm

As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:

"SSL certificate problem: CA signature digest algorithm too weak"

Closes #3014

show more ...


Revision tags: curl-7_61_1, curl-7_61_0, curl-7_60_0, curl-7_59_0, curl-7_58_0, curl-7_57_0, curl-7_56_1, curl-7_56_0, curl-7_55_1, curl-7_55_0, curl-7_54_1, curl-7_54_0, curl-7_53_1, curl-7_53_0, curl-7_52_1, curl-7_52_0, curl-7_51_0, curl-7_50_3, curl-7_50_2, curl-7_50_1, curl-7_50_0, curl-7_49_1, curl-7_49_0, curl-7_48_0, curl-7_47_1, curl-7_47_0, curl-7_46_0, curl-7_45_0, curl-7_44_0, curl-7_43_0, curl-7_42_1, curl-7_42_0
# 38c304a5 21-Mar-2015 Dan Fandrich

tests/certs: added make target to rebuild certificates

The certificate generation scripts were also updated to better match the
format of the certificates currently checked in.


Revision tags: curl-7_41_0, curl-7_40_0, curl-7_39_0, curl-7_38_0, curl-7_37_1, curl-7_37_0, curl-7_36_0, curl-7_35_0, curl-7_34_0, curl-7_33_0, curl-7_32_0, curl-7_31_0, curl-7_30_0, curl-7_29_0, curl-7_28_1, curl-7_28_0, curl-7_27_0, curl-7_26_0, curl-7_25_0, curl-7_24_0, curl-7_23_1, curl-7_23_0, curl-7_22_0, curl-7_21_7, curl-7_21_6, curl-7_21_5, curl-7_21_4, curl-7_21_3, curl-7_21_2, curl-7_21_1, curl-7_21_0
# 645bdd83 27-May-2010 Kamil Dudka

tests/certs/scripts: generate also CRL

... and make it possible to do so without any user interaction


Revision tags: curl-7_20_1
# a07bc791 14-Feb-2010 Yang Tse

removed trailing whitespace


Revision tags: curl-7_20_0, curl-7_19_7, curl-7_19_6
# e73fe837 11-Aug-2009 Daniel Stenberg

- Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
verification of cert names etc. This made

- Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
verification of cert names etc. This made an error show up in the OpenSSL-
specific code where it would attempt to match the CN field even if a
subjectAltName exists that doesn't match. This is now fixed and verified
in test 311.

show more ...