mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 23:08:11 +00:00
1beb048316
Inspired by test code provided by Nicholas Wilson in PR #351. The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than 18 (default is 8), which is hopefully unlikely and can easily be fixed by running long.sh again with a larger value if it ever happens. Current behaviour is suboptimal as flags are not set, but currently the goal is only to document/test existing behaviour.
33 lines
846 B
Bash
Executable file
33 lines
846 B
Bash
Executable file
#!/bin/sh
|
|
|
|
set -eu
|
|
|
|
: ${OPENSSL:=openssl}
|
|
NB=20
|
|
|
|
OPT="-days 3653 -sha256"
|
|
|
|
# generate self-signed root
|
|
$OPENSSL ecparam -name prime256v1 -genkey -out 00.key
|
|
$OPENSSL req -new -x509 -subj "/C=UK/O=mbed TLS/CN=CA00" $OPT \
|
|
-key 00.key -out 00.crt
|
|
|
|
# cXX.pem is the chain starting at XX
|
|
cp 00.crt c00.pem
|
|
|
|
# generate long chain
|
|
for i in $(seq 1 $NB); do
|
|
UP=$( printf "%02d" $((i-1)) )
|
|
ME=$( printf "%02d" $i )
|
|
|
|
$OPENSSL ecparam -name prime256v1 -genkey -out ${ME}.key
|
|
$OPENSSL req -new -subj "/C=UK/O=mbed TLS/CN=CA${ME}" \
|
|
-key ${ME}.key -out ${ME}.csr
|
|
$OPENSSL x509 -req -CA ${UP}.crt -CAkey ${UP}.key -set_serial 1 $OPT \
|
|
-extfile int.opensslconf -extensions int \
|
|
-in ${ME}.csr -out ${ME}.crt
|
|
|
|
cat ${ME}.crt c${UP}.pem > c${ME}.pem
|
|
|
|
rm ${ME}.csr
|
|
done
|