author | Stef Walter <stefw@gnome.org> | 2013-01-24 11:34:47 +0100 |
---|---|---|
committer | Stef Walter <stefw@gnome.org> | 2013-02-05 14:54:46 +0100 |
commit | 5147d71466455b3d087b3f3a7472a35e8216c55a (patch) | |
tree | 4b81eee35b7d0ec877a34c4fde06478d700a3960 /build | |
parent | 603c7d4eb996f51178ccc9d235597497bbb2c7a4 (diff) |
Add basic trust module
This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.
Diffstat (limited to 'build')
-rw-r--r-- | build/Makefile.am | 2 | ||||
-rw-r--r-- | build/certs/Makefile.am | 27 | ||||
-rw-r--r-- | build/certs/cacert-ca.der | bin | 0 -> 1857 bytes | |||
-rw-r--r-- | build/certs/cacert3.der | bin | 0 -> 1885 bytes | |||
-rw-r--r-- | build/certs/self-server.der | bin | 0 -> 396 bytes | |||
-rw-r--r-- | build/certs/self-signed-with-eku.der | bin | 0 -> 480 bytes | |||
-rw-r--r-- | build/certs/self-signed-with-ku.der | bin | 0 -> 501 bytes | |||
-rw-r--r-- | build/certs/testing-ca.der | bin | 0 -> 970 bytes | |||
-rw-r--r-- | build/certs/testing-server.der | bin | 0 -> 554 bytes | |||
-rw-r--r-- | build/certs/with-eku.conf | 19 | ||||
-rw-r--r-- | build/certs/with-ku.conf | 19 |
11 files changed, 67 insertions, 0 deletions
diff --git a/build/Makefile.am b/build/Makefile.am
index f8841ec..de76c58 100644
--- a/build/Makefile.am
+++ b/build/Makefile.am
@@ -1,4 +1,6 @@ +SUBDIRS = certs + EXTRA_DIST = \ cutest \ Makefile.tests
diff --git a/build/certs/Makefile.am b/build/certs/Makefile.am
new file mode 100644
index 0000000..03dca0d
--- /dev/null
+++ b/build/certs/Makefile.am
@@ -0,0 +1,27 @@
+
+# Note that nothing here is distributed. It just lives in the git repository
+# We copy everything into its final location, and those test files are
+# distributed in the tarballs
+
+TRUST = $(top_srcdir)/trust/tests
+
+prepare-certs:
+ cp -v cacert3.der $(TRUST)/anchors
+ cp -v cacert3.der $(TRUST)/files
+ cp -v cacert-ca.der $(TRUST)/certificates
+ cp -v cacert-ca.der $(TRUST)/files
+ cp -v self-server.der $(TRUST)/files
+ cp -v self-signed-with-eku.der $(TRUST)/certificates
+ cp -v self-signed-with-ku.der $(TRUST)/certificates
+ cp -v testing-ca.der $(TRUST)/anchors
+ cp -v testing-server.der $(TRUST)/files
+
+# Rebuild the self-signed certificates. This is almost never necessary and
+# will require other changes in the code, mostly here as documentation
+build-self-signed:
+ openssl req -new -x509 -outform DER -out self-signed-with-eku.der \
+ -newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-eku.example.com \
+ -config with-eku.conf -set_serial 888 -extensions v3_ca
+ openssl req -new -x509 -outform DER -out self-signed-with-ku.der \
+ -newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-ku.example.com \
+ -config with-ku.conf -set_serial 888 -extensions v3_ca
diff --git a/build/certs/cacert-ca.der b/build/certs/cacert-ca.der
Binary files differnew file mode 100644
index 0000000..719b0ff
--- /dev/null
+++ b/build/certs/cacert-ca.der
diff --git a/build/certs/cacert3.der b/build/certs/cacert3.der
Binary files differnew file mode 100644
index 0000000..56f8c88
--- /dev/null
+++ b/build/certs/cacert3.der
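Review bot: In build/certs/Makefile.am the `build-self-signed` recipe pins the serial number but neither the validity period nor the signature digest, so a regenerated fixture inherits whatever the local OpenSSL build defaults to. `openssl req -x509` without `-days` issues a certificate valid for only 30 days, which would make any test that evaluates validity dates start failing a month after the fixtures are rebuilt. Both should be explicit on the last continuation line of each command, for example `-config with-eku.conf -set_serial 888 -extensions v3_ca -days 3650 -sha256` (the values are illustrative). The key size is likewise not set here and comes from `default_bits` in the config file. Neither `prepare-certs` nor `build-self-signed` produces a file of that name, so a `.PHONY: prepare-certs build-self-signed` line would also help.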
diff --git a/build/certs/self-server.der b/build/certs/self-server.der
Binary files differnew file mode 100644
index 0000000..68fe9af
--- /dev/null
+++ b/build/certs/self-server.der
diff --git a/build/certs/self-signed-with-eku.der b/build/certs/self-signed-with-eku.der
Binary files differnew file mode 100644
index 0000000..33e0760
--- /dev/null
+++ b/build/certs/self-signed-with-eku.der
diff --git a/build/certs/self-signed-with-ku.der b/build/certs/self-signed-with-ku.der
Binary files differnew file mode 100644
index 0000000..e6f36e3
--- /dev/null
+++ b/build/certs/self-signed-with-ku.der
diff --git a/build/certs/testing-ca.der b/build/certs/testing-ca.der
Binary files differnew file mode 100644
index 0000000..d3f70ea
--- /dev/null
+++ b/build/certs/testing-ca.der
diff --git a/build/certs/testing-server.der b/build/certs/testing-server.der
Binary files differnew file mode 100644
index 0000000..cf2de65
--- /dev/null
+++ b/build/certs/testing-server.der
diff --git a/build/certs/with-eku.conf b/build/certs/with-eku.conf
new file mode 100644
index 0000000..8eab21d
--- /dev/null
+++ b/build/certs/with-eku.conf
@@ -0,0 +1,19 @@
+#
+# Use with the following command
+# $ openssl req -new -x509 -outform DER -out self-signed-with-ku.pem \
+# -newkey rsa -keyout self-signed-with-ku.key -nodes \
+# -config with-ku.conf -set_serial 888 -extensions v3_ca
+#
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+dirstring_type = nobmp
+
+[ req_distinguished_name ]
+commonName = Common Name
+commonName_max = 64
+
+[ v3_ca ]
+keyUsage=keyCertSign,digitalSignature
\ No newline at end of file
diff --git a/build/certs/with-ku.conf b/build/certs/with-ku.conf
new file mode 100644
index 0000000..aa0acc1
--- /dev/null
+++ b/build/certs/with-ku.conf
@@ -0,0 +1,19 @@
+#
+# Use with the following command
+# $ openssl req -new -x509 -outform DER -out self-signed-with-eku.pem \
+# -newkey rsa -keyout self-signed-with-eku.key -nodes \
+# -config with-eku.conf -set_serial 888 -extensions v3_ca
+#
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+dirstring_type = nobmp
+
+[ req_distinguished_name ]
+commonName = Common Name
+commonName_max = 64
+
+[ v3_ca ]
+extendedKeyUsage=clientAuth,emailProtection,1.2.3.4
\ No newline at end of file |
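Review bot: The contents of with-ku.conf and with-eku.conf look swapped. with-ku.conf ends with `extendedKeyUsage=clientAuth,emailProtection,1.2.3.4` and its header comment names `with-eku.conf`, while with-eku.conf carries `keyUsage=keyCertSign,digitalSignature` under a comment that names `with-ku.conf`. Because `build-self-signed` in build/certs/Makefile.am passes `-config with-eku.conf` when writing self-signed-with-eku.der, a regenerated fixture would carry the opposite extension from the one its file name promises, and tests of key-usage handling would then exercise the wrong case. Exchanging the `[ v3_ca ]` bodies and header comments between the two files (or renaming the files) would fix this. Separately, `default_bits = 1024` in both files is acceptable only because these are throwaway test certificates, and a comment saying so would stop the value being copied elsewhere.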