authorStef Walter <stefw@gnome.org>2013-01-24 11:34:47 +0100
committerStef Walter <stefw@gnome.org>2013-02-05 14:54:46 +0100
commit5147d71466455b3d087b3f3a7472a35e8216c55a (patch)
tree4b81eee35b7d0ec877a34c4fde06478d700a3960 /build
parent603c7d4eb996f51178ccc9d235597497bbb2c7a4 (diff)
Add basic trust module
This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.
Diffstat (limited to 'build')
-rw-r--r--build/Makefile.am2
-rw-r--r--build/certs/Makefile.am27
-rw-r--r--build/certs/cacert-ca.derbin0 -> 1857 bytes
-rw-r--r--build/certs/cacert3.derbin0 -> 1885 bytes
-rw-r--r--build/certs/self-server.derbin0 -> 396 bytes
-rw-r--r--build/certs/self-signed-with-eku.derbin0 -> 480 bytes
-rw-r--r--build/certs/self-signed-with-ku.derbin0 -> 501 bytes
-rw-r--r--build/certs/testing-ca.derbin0 -> 970 bytes
-rw-r--r--build/certs/testing-server.derbin0 -> 554 bytes
-rw-r--r--build/certs/with-eku.conf19
-rw-r--r--build/certs/with-ku.conf19
11 files changed, 67 insertions, 0 deletions
diff --git a/build/Makefile.am b/build/Makefile.am
index f8841ec..de76c58 100644
--- a/build/Makefile.am
+++ b/build/Makefile.am
@@ -1,4 +1,6 @@
+SUBDIRS = certs
+
EXTRA_DIST = \
cutest \
Makefile.tests
diff --git a/build/certs/Makefile.am b/build/certs/Makefile.am
new file mode 100644
index 0000000..03dca0d
--- /dev/null
+++ b/build/certs/Makefile.am
@@ -0,0 +1,27 @@
+
+# Note that nothing here is distributed. It just lives in the git repository
+# We copy everything into its final location, and those test files are
+# distributed in the tarballs
+
+TRUST = $(top_srcdir)/trust/tests
+
+prepare-certs:
+ cp -v cacert3.der $(TRUST)/anchors
+ cp -v cacert3.der $(TRUST)/files
+ cp -v cacert-ca.der $(TRUST)/certificates
+ cp -v cacert-ca.der $(TRUST)/files
+ cp -v self-server.der $(TRUST)/files
+ cp -v self-signed-with-eku.der $(TRUST)/certificates
+ cp -v self-signed-with-ku.der $(TRUST)/certificates
+ cp -v testing-ca.der $(TRUST)/anchors
+ cp -v testing-server.der $(TRUST)/files
+
+# Rebuild the self-signed certificates. This is almost never necessary and
+# will require other changes in the code, mostly here as documentation
+build-self-signed:
+ openssl req -new -x509 -outform DER -out self-signed-with-eku.der \
+ -newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-eku.example.com \
+ -config with-eku.conf -set_serial 888 -extensions v3_ca
+ openssl req -new -x509 -outform DER -out self-signed-with-ku.der \
+ -newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-ku.example.com \
+ -config with-ku.conf -set_serial 888 -extensions v3_ca
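Review bot: The `prepare-certs` recipe names its inputs as bare files (`cp -v cacert3.der $(TRUST)/anchors`), so it only works when make is run from the source directory. In an out-of-tree build the .der files live under `$(srcdir)`, and the lines should read `cp -v $(srcdir)/cacert3.der $(TRUST)/anchors` and so on; the `-config` and `-out` arguments in `build-self-signed` have the same dependency on the working directory. Neither target is declared, so add `.PHONY: prepare-certs build-self-signed`. The `-keyout /dev/null` choice also deserves a comment such as `# private key is discarded on purpose: these are test fixtures and must not be re-signable`.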
diff --git a/build/certs/cacert-ca.der b/build/certs/cacert-ca.der
new file mode 100644
index 0000000..719b0ff
--- /dev/null
+++ b/build/certs/cacert-ca.der
Binary files differ
diff --git a/build/certs/cacert3.der b/build/certs/cacert3.der
new file mode 100644
index 0000000..56f8c88
--- /dev/null
+++ b/build/certs/cacert3.der
Binary files differ
diff --git a/build/certs/self-server.der b/build/certs/self-server.der
new file mode 100644
index 0000000..68fe9af
--- /dev/null
+++ b/build/certs/self-server.der
Binary files differ
diff --git a/build/certs/self-signed-with-eku.der b/build/certs/self-signed-with-eku.der
new file mode 100644
index 0000000..33e0760
--- /dev/null
+++ b/build/certs/self-signed-with-eku.der
Binary files differ
diff --git a/build/certs/self-signed-with-ku.der b/build/certs/self-signed-with-ku.der
new file mode 100644
index 0000000..e6f36e3
--- /dev/null
+++ b/build/certs/self-signed-with-ku.der
Binary files differ
diff --git a/build/certs/testing-ca.der b/build/certs/testing-ca.der
new file mode 100644
index 0000000..d3f70ea
--- /dev/null
+++ b/build/certs/testing-ca.der
Binary files differ
diff --git a/build/certs/testing-server.der b/build/certs/testing-server.der
new file mode 100644
index 0000000..cf2de65
--- /dev/null
+++ b/build/certs/testing-server.der
Binary files differ
diff --git a/build/certs/with-eku.conf b/build/certs/with-eku.conf
new file mode 100644
index 0000000..8eab21d
--- /dev/null
+++ b/build/certs/with-eku.conf
@@ -0,0 +1,19 @@
+#
+# Use with the following command
+# $ openssl req -new -x509 -outform DER -out self-signed-with-ku.pem \
+# -newkey rsa -keyout self-signed-with-ku.key -nodes \
+# -config with-ku.conf -set_serial 888 -extensions v3_ca
+#
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+dirstring_type = nobmp
+
+[ req_distinguished_name ]
+commonName = Common Name
+commonName_max = 64
+
+[ v3_ca ]
+keyUsage=keyCertSign,digitalSignature
\ No newline at end of file
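Review bot: The body of this file and that of with-ku.conf look swapped relative to their names. `[ v3_ca ]` here sets `keyUsage=keyCertSign,digitalSignature` and the header comment names `with-ku.conf` and `self-signed-with-ku`, while with-ku.conf carries `extendedKeyUsage=...` under a comment naming `with-eku.conf`. As committed, `build-self-signed` in build/certs/Makefile.am passes `-config with-eku.conf` when writing self-signed-with-eku.der, so a regenerated "with-eku" fixture would get a key-usage extension rather than an extended-key-usage one. Exchanging the two file bodies, or the two `-config` arguments, would make the names and extensions agree. The header comment also pairs `-outform DER` with a `.pem` output name; `.der` would match the Makefile.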
diff --git a/build/certs/with-ku.conf b/build/certs/with-ku.conf
new file mode 100644
index 0000000..aa0acc1
--- /dev/null
+++ b/build/certs/with-ku.conf
@@ -0,0 +1,19 @@
+#
+# Use with the following command
+# $ openssl req -new -x509 -outform DER -out self-signed-with-eku.pem \
+# -newkey rsa -keyout self-signed-with-eku.key -nodes \
+# -config with-eku.conf -set_serial 888 -extensions v3_ca
+#
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+dirstring_type = nobmp
+
+[ req_distinguished_name ]
+commonName = Common Name
+commonName_max = 64
+
+[ v3_ca ]
+extendedKeyUsage=clientAuth,emailProtection,1.2.3.4
\ No newline at end of file
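Review bot: `default_bits = 1024`, here and in with-eku.conf, is what sizes the key, because the Makefile recipe passes `-newkey rsa` without a bit count. No `default_md` is set either, so the signature digest is whatever the installed OpenSSL defaults to. 1024-bit RSA is below current minimums, and stricter verifiers may reject such certificates outright, which would make the fixtures fail for reasons unrelated to the extensions under test. Suggest `default_bits = 2048` and `default_md = sha256` in both files, together with a comment like `# test fixture profile only; not for real certificates`. Since the Makefile says regeneration requires other code changes, this would take effect the next time the fixtures are rebuilt.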