diff options
| author | Stef Walter <stefw@gnome.org> | 2013-03-14 10:05:17 +0100 |
|---|---|---|
| committer | Stef Walter <stefw@gnome.org> | 2013-03-15 17:19:01 +0100 |
| commit | 86e60637394340ef2fa3b3db6b451dac1d73052b (patch) | |
| tree | 8fa4f4c353534ffc259f9e333e64fbf7d068e913 /build | |
| parent | bf63f009cd4a1147a3e0684d898f140f46666b0e (diff) | |
trust: Rework input path treatment
* Accept a single --with-trust-paths argument to ./configure
which cotnains all the input paths.
* The --with-system-anchors and --with-system-certificates
./configure arguments are no longer supported. Since they were
only present briefly, no provision is made for backwards
compatibility.
* Each input file is treated as containing anchors by default
unless an input certificate contains detailed trust information.
* The files in each input directory are not automatically treated
as anchors unless a certificate contains detailed trust information.
* The files in anchors/ subdirectory of each input directory are
automatically marked as anchors.
* The files in the blacklist/ subdirectory of each input directory
are automatically marked as blacklisted.
* Update tests and move around test certificates so we can
test these changes.
https://bugs.freedesktop.org/show_bug.cgi?id=62327
Diffstat (limited to 'build')
| -rw-r--r-- | build/certs/Makefile.am | 13 | ||||
| -rw-r--r-- | build/certs/self-signed-with-ku.der | bin | 501 -> 478 bytes |
2 files changed, 7 insertions, 6 deletions
diff --git a/build/certs/Makefile.am b/build/certs/Makefile.am index 4428a2e..1d57935 100644 --- a/build/certs/Makefile.am +++ b/build/certs/Makefile.am @@ -7,7 +7,7 @@ TRUST = $(top_srcdir)/trust/tests TOOLS = $(top_srcdir)/tools/tests prepare-certs: - cp -v cacert3.der $(TRUST)/anchors + cp -v cacert3.der $(TRUST)/input/anchors cp -v cacert3.der $(TRUST)/files cp -v cacert3.der $(TOOLS)/files openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem @@ -25,14 +25,15 @@ prepare-certs: -addreject ipsecUser -addreject timeStamping cat $(TOOLS)/files/cacert3-trusted-client-server-alias.pem \ $(TOOLS)/files/cacert3-trusted-alias.pem > $(TOOLS)/files/cacert3-trusted-multiple.pem - cp -v cacert-ca.der $(TRUST)/certificates + cp -v cacert-ca.der $(TRUST)/input cp -v cacert-ca.der $(TRUST)/files openssl x509 -in redhat-newca.der -inform DER -out $(TRUST)/files/distrusted.pem \ -addreject clientAuth -setalias "Red Hat Is the CA" - cp -v self-server.der $(TRUST)/files - cp -v self-signed-with-eku.der $(TRUST)/certificates - cp -v self-signed-with-ku.der $(TRUST)/certificates - cp -v testing-ca.der $(TRUST)/anchors + cp -v $(TRUST)/files/distrusted.pem $(TRUST)/input + cp -v self-server.der $(TRUST)/input/blacklist + cp -v self-signed-with-eku.der $(TRUST)/files + cp -v self-signed-with-ku.der $(TRUST)/files + cp -v testing-ca.der $(TRUST)/input/anchors cp -v testing-server.der $(TRUST)/files # Rebuild the self-signed certificates. This is almost never necessary and diff --git a/build/certs/self-signed-with-ku.der b/build/certs/self-signed-with-ku.der Binary files differindex e6f36e3..51bb227 100644 --- a/build/certs/self-signed-with-ku.der +++ b/build/certs/self-signed-with-ku.der |