| author | Stefan Boberg <[email protected]> | 2025-10-24 19:32:01 +0200 |
|---|---|---|
| committer | GitHub Enterprise <[email protected]> | 2025-10-24 19:32:01 +0200 |
| commit | 4cba4eb3f122c7a1a49b629b1c0656d7f817f001 (patch) | |
| tree | e184821073167f6e81a75193efca91013d7b359b /thirdparty/cpr/test/data/generate-certificates.sh | |
| parent | fixed progress bar when scanning changed local files (#608) (diff) | |
move cpr in-tree (#605)
* added cpr 1.10.5 in-tree to allow updates to vcpkg without breaking the build
* added asio 1.29.0 in-tree to remove one more vcpkg dependency
* bumped vcpkg to 2024.06.15 to address failure to build due to use of deprecated binaries in vcpkg (404 error: `https://mirror.msys2.org/mingw/mingw64/mingw-w64-x86_64-pkgconf-1~2.1.0-1-any.pkg.tar.zst` during build)
Diffstat (limited to 'thirdparty/cpr/test/data/generate-certificates.sh')
| -rw-r--r-- | thirdparty/cpr/test/data/generate-certificates.sh | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/thirdparty/cpr/test/data/generate-certificates.sh b/thirdparty/cpr/test/data/generate-certificates.sh
new file mode 100644
index 000000000..f20d7729f
--- /dev/null
+++ b/thirdparty/cpr/test/data/generate-certificates.sh
@@ -0,0 +1,76 @@
+#!/bin/sh
+
+# Generate a CA with a self-signed root certificate that then signs the server certificate
+# Based on the OpenSSL Cookbook by Ivan Ristic:
+# https://www.feistyduck.com/library/openssl-cookbook/online/
+#
+# Especially, see chapter 1.5. Creating a private Certification Authority:
+# https://www.feistyduck.com/library/openssl-cookbook/online/openssl-command-line/private-ca.html
+
+export KEY_PATH=keys
+export CRT_PATH=certificates
+export CA_PATH=ca
+
+# Create environment.
+# $CA_PATH is deleted in the end.
+# If new certificates need to be issued, this needs to be done before the cleanup in the end.
+mkdir -p $KEY_PATH $CRT_PATH $CA_PATH/db $CA_PATH/private $CA_PATH/certificates
+touch $CA_PATH/db/index
+openssl rand -hex 16 > $CA_PATH/db/serial
+
+
+# Generate all private keys
+openssl genpkey -algorithm ed25519 -out $KEY_PATH/root-ca.key
+openssl genpkey -algorithm ed25519 -out $KEY_PATH/server.key
+openssl genpkey -algorithm ed25519 -out $KEY_PATH/client.key
+
+# For the server, we also need the public key
+openssl pkey -in $KEY_PATH/server.key -pubout -out $KEY_PATH/server.pub
+
+
+# Generate a Certificate Signing Request for the Root CA based on a config file
+openssl req -new \
+ -config root-ca.cnf -out root-ca.csr \
+ -key $KEY_PATH/root-ca.key
+
+# Self-sign the root certificate
+openssl ca -batch \
+ -selfsign -config root-ca.cnf \
+ -extensions ca_ext \
+ -in root-ca.csr -out $CRT_PATH/root-ca.crt -notext
+
+
+# Create a Certificate Signing request for the server certificate
+openssl req -new \
+ -config server.cnf -out server.csr \
+ -key $KEY_PATH/server.key
+openssl req -text -in server.csr -noout
+
+# Issue the server certificate
+openssl ca -batch \
+ -config root-ca.cnf \
+ -extensions server_ext \
+ -extfile server.cnf -extensions ext \
+ -in server.csr -out $CRT_PATH/server.crt -notext \
+ -days 1825
+
+
+# Create a Certificate Signing request for the client certificate
+openssl req -new \
+ -config client.cnf -out client.csr \
+ -key $KEY_PATH/client.key
+
+# Issue the client certificate
+openssl ca -batch \
+ -config root-ca.cnf \
+ -extensions client_ext \
+ -in client.csr -out $CRT_PATH/client.crt -notext \
+ -days 1825
+
+
+
+# Clean up
+# IMPORTANT: If new certificates should be issued, $CA_PATH and its files MUST NOT be deleted!
+# New certificates can be created in this script before cleaning up.
+rm -rf *.csr $CA_PATH
+
|
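Review bot: Nothing in this script stops on failure: there is no `set -e`, so if any `openssl req` or `openssl ca` step fails (for instance because the relative `root-ca.cnf` is not found when the script is run from another directory), execution continues to the final `rm -rf *.csr $CA_PATH` and the script exits with rm's status, leaving missing or stale files under `keys/` and `certificates/` with no error signalled to the caller. Adding `set -eu` directly after the shebang would make a failed step abort the run. The expansions are also unquoted throughout; on the cleanup line, `rm -rf -- ./*.csr "${CA_PATH:?}"` keeps the delete confined if the variable is ever emptied or the glob matches an odd filename. As the file is vendored from cpr, this is best carried as a small local patch or raised upstream.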