1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-06 01:25:33 -05:00
Commit Graph

12 Commits

Author SHA1 Message Date
Dan Fandrich
f9251a5c86 tests/certs: rebuild certificates with modified key usage bits
The certificates were missing the digitalSignature and keyAgreement
usage types, of which at least digitalSignature was checked by CyaSSL.
This caused the test server in test 310 (among others) to fail the
startup verification and therefore run (see
http://curl.haxx.se/mail/lib-2014-07/0303.html).
2015-03-21 16:33:58 +01:00
Dan Fandrich
38c304a58f tests/certs: added make target to rebuild certificates
The certificate generation scripts were also updated to better match the
format of the certificates currently checked in.
2015-03-21 16:33:58 +01:00
be1a505189 SSL: Add PEM format support for public key pinning 2014-11-24 19:30:09 +01:00
93e450793c SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
2014-10-07 14:44:19 +02:00
Yang Tse
7ab3ae0bf0 commit bc682cbd follow-up 2013-01-15 19:54:47 +01:00
Yang Tse
bc682cbd3e tests/Makefile.am: remove wildcard usage in EXTRA_DIST 2013-01-15 16:31:48 +01:00
Quinn Slack
59cf93ccdb TLS-SRP: support added when using GnuTLS 2011-01-19 20:35:02 +01:00
Kamil Dudka
99179da4cc tests/certs: re-generated because of lost pass-phrase 2010-05-27 23:39:54 +02:00
Kamil Dudka
645bdd837a tests/certs/scripts: generate also CRL
... and make it possible to do so without any user interaction
2010-05-27 23:33:19 +02:00
Yang Tse
a07bc79117 removed trailing whitespace 2010-02-14 19:40:18 +00:00
Yang Tse
4d922545d5 - Added Diffie-Hellman parameters to several test harness certificate files in
PEM format. Required by several stunnel versions used by our test harness.
2009-11-28 10:01:21 +00:00
Daniel Stenberg
e73fe837a8 - Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
  verification of cert names etc. This made an error show up in the OpenSSL-
  specific code where it would attempt to match the CN field even if a
  subjectAltName exists that doesn't match. This is now fixed and verified
  in test 311.
2009-08-11 21:48:58 +00:00