forked from wolfSSL/wolfssl
a42bd30278
1. Check the path length between an intermediate CA cert and its signer's path length. 2. Always decode the path length if present and store it in the decoded certificate. 3. Save the path length into the signer list. 4. Path length capped at 127. 5. Added some test certs for checking CA path lengths.
33 lines
1.2 KiB
Bash
Executable File
33 lines
1.2 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# assemble-chains.sh
|
|
# Assemble all the certificate CA path test cert chains.
|
|
|
|
# Success: PathLen of 0
|
|
## server-0-ca.pem: signed by ca-cert.pem
|
|
## server-0-cert.pem: signed by server-0-ca.pem
|
|
cat server-0-cert.pem server-0-ca.pem > server-0-chain.pem
|
|
|
|
# Success: PathLen of 1
|
|
## server-1-ca.pem: signed by ca-cert.pem
|
|
## server-1-0-ca.pem: signed by server-1-ca.pem
|
|
## server-1-0-cert.pem: signed by server-1-0-ca.pem
|
|
cat server-1-0-cert.pem server-1-0-ca.pem server-1-ca.pem > server-1-0-chain.pem
|
|
## server-1-cert.pem: signed by server-1-ca.pem
|
|
cat server-1-cert.pem server-1-ca.pem > server-1-chain.pem
|
|
|
|
# Success: PathLen of 127
|
|
## server-127-ca.pem: signed by ca-cert.pem
|
|
## server-127-cert.pem: signed by server-127-cert.pem
|
|
cat server-127-cert.pem server-127-ca.pem > server-127-chain.pem
|
|
|
|
# Failure: PathLen of 128
|
|
## server-128-ca.pem: signed by ca-cert.pem
|
|
## server-128-cert.pem: signed by server-128-ca.pem
|
|
cat server-128-cert.pem server-128-ca.pem > server-128-chain.pem
|
|
|
|
# Failure: PathLen of 0, signing PathLen of 1
|
|
## server-0-1-ca.pem: signed by server-0-ca.pem
|
|
## server-0-1-cert.pem: signed by server-0-1-ca.pem
|
|
cat server-0-1-cert.pem server-0-1-ca.pem server-0-ca.pem > server-0-1-chain.pem
|