authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-14 13:40:54 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-14 13:40:54 +0000
commit317c0644ccf108aa23ef3fd8358bd66c2840bfc0 (patch)
treec417b3d25c86b775989cb5ac042f37611b626c8a /utils/gen-test-certs.sh
parentInitial commit. (diff)
Adding upstream version 5:7.2.4.upstream/5%7.2.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'utils/gen-test-certs.sh')
-rwxr-xr-xutils/gen-test-certs.sh58
1 files changed, 58 insertions, 0 deletions
diff --git a/utils/gen-test-certs.sh b/utils/gen-test-certs.sh
new file mode 100755
index 0000000..6bc9d86
--- /dev/null
+++ b/utils/gen-test-certs.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# Generate some test certificates which are used by the regression test suite:
+#
+# tests/tls/ca.{crt,key} Self signed CA certificate.
+# tests/tls/redis.{crt,key} A certificate with no key usage/policy restrictions.
+# tests/tls/client.{crt,key} A certificate restricted for SSL client usage.
+# tests/tls/server.{crt,key} A certificate restricted for SSL server usage.
+# tests/tls/redis.dh DH Params file.
+
+generate_cert() {
+ local name=$1
+ local cn="$2"
+ local opts="$3"
+
+ local keyfile=tests/tls/${name}.key
+ local certfile=tests/tls/${name}.crt
+
+ [ -f $keyfile ] || openssl genrsa -out $keyfile 2048
+ openssl req \
+ -new -sha256 \
+ -subj "/O=Redis Test/CN=$cn" \
+ -key $keyfile | \
+ openssl x509 \
+ -req -sha256 \
+ -CA tests/tls/ca.crt \
+ -CAkey tests/tls/ca.key \
+ -CAserial tests/tls/ca.txt \
+ -CAcreateserial \
+ -days 365 \
+ $opts \
+ -out $certfile
+}
+
+mkdir -p tests/tls
+[ -f tests/tls/ca.key ] || openssl genrsa -out tests/tls/ca.key 4096
+openssl req \
+ -x509 -new -nodes -sha256 \
+ -key tests/tls/ca.key \
+ -days 3650 \
+ -subj '/O=Redis Test/CN=Certificate Authority' \
+ -out tests/tls/ca.crt
+
+cat > tests/tls/openssl.cnf <<_END_
+[ server_cert ]
+keyUsage = digitalSignature, keyEncipherment
+nsCertType = server
+
+[ client_cert ]
+keyUsage = digitalSignature, keyEncipherment
+nsCertType = client
+_END_
+
+generate_cert server "Server-only" "-extfile tests/tls/openssl.cnf -extensions server_cert"
+generate_cert client "Client-only" "-extfile tests/tls/openssl.cnf -extensions client_cert"
+generate_cert redis "Generic-cert"
+
+[ -f tests/tls/redis.dh ] || openssl dhparam -out tests/tls/redis.dh 2048
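Review bot: Nothing in this script stops on failure: there is no `set -e`, and in `generate_cert` the `openssl req ... | openssl x509 ...` pipeline reports only the status of its last stage, so a failed key or CSR step can leave missing or stale files under tests/tls while the script's exit status still comes from the final `dhparam` line. Adding `set -eo pipefail` right after the shebang would make the first failure abort the run (adding `-u` as well would need `local opts="${3:-}"`, because the `redis` call passes only two arguments). Separately, the `server_cert` and `client_cert` sections carry the same `keyUsage` and differ only in the legacy `nsCertType`, so the "restricted for SSL client/server usage" promised in the header holds only for verifiers that honour that extension; adding `extendedKeyUsage = serverAuth` and `extendedKeyUsage = clientAuth` to the respective sections would state the restriction in the standard form. The keys are written unencrypted, so the header comment could also say that everything under tests/tls is test material and must not be reused outside the test suite.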