diff options
| author | ppi@chromium.org <ppi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-07 00:15:26 +0000 |
|---|---|---|
| committer | ppi@chromium.org <ppi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-07 00:15:26 +0000 |
| commit | f1958c384a7e4639c76e21d6cb7d2639b69e9a62 (patch) | |
| tree | 86f40f45e5838aa924f9eb9357dae5e105f049de /net/data | |
| parent | cf6db5ab9878bbdf5680d5d48cf1bfd34bd535e4 (diff) | |
| download | chromium_src-f1958c384a7e4639c76e21d6cb7d2639b69e9a62.zip chromium_src-f1958c384a7e4639c76e21d6cb7d2639b69e9a62.tar.gz chromium_src-f1958c384a7e4639c76e21d6cb7d2639b69e9a62.tar.bz2 | |
Move client certificates retrieval logic out of the SSL sockets.
CL 11879048 introduces ClientCertStore API providing client certificate
lookup/filtering logic currently being done at the SSL socket level. This patch
removes this logic from the sockets, plugging the new API in the upper layers instead.
BUG=170374
Review URL: https://chromiumcodereview.appspot.com/12035105
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@181104 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/data')
| -rwxr-xr-x | net/data/ssl/scripts/client_authentication/generate-client-certificates.sh | 8 | ||||
| -rwxr-xr-x | net/data/ssl/scripts/client_authentication/run-test-server.sh | 16 |
2 files changed, 24 insertions, 0 deletions
diff --git a/net/data/ssl/scripts/client_authentication/generate-client-certificates.sh b/net/data/ssl/scripts/client_authentication/generate-client-certificates.sh index 0337389..f6daddf 100755 --- a/net/data/ssl/scripts/client_authentication/generate-client-certificates.sh +++ b/net/data/ssl/scripts/client_authentication/generate-client-certificates.sh @@ -68,4 +68,12 @@ do -keyfile out/root_$id.key \ -out out/client_$id.pem \ -config client_authentication.cnf + + # Package the client cert and private key into a pkcs12 file. + try openssl pkcs12 \ + -inkey out/client_$id.key \ + -in out/client_$id.pem \ + -out out/client_$id.p12 \ + -export \ + -passout pass: done diff --git a/net/data/ssl/scripts/client_authentication/run-test-server.sh b/net/data/ssl/scripts/client_authentication/run-test-server.sh new file mode 100755 index 0000000..b5b64f4 --- /dev/null +++ b/net/data/ssl/scripts/client_authentication/run-test-server.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# Copyright (c) 2013 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# Helper script for local manual testing. Runs an openssl test server at +# localhost:4433. The server will be accessible for www connections and will +# require a client certificate issued by Client Auth Test Root 1. +openssl s_server \ + -accept 4433 \ + -cert out/root_1.pem \ + -key out/root_1.key \ + -www \ + -Verify 5 \ + -CAfile out/root_1.pem |