##// END OF EJS Templates
revset: stop supporting plain list as input set (API)...
revset: stop supporting plain list as input set (API) There was no deprecwarn(), but this is the same kind of API compatibility as the one removed by the previous patch.

File last commit:

r29579:43f3c0df default
r31810:81abd0d1 default
Show More
README
45 lines | 1.8 KiB | text/plain | TextLexer
Gregory Szorc
tests: regenerate x509 test certificates...
r29526 Generate a private key (priv.pem):
$ openssl genrsa -out priv.pem 2048
Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):
Gregory Szorc
tests: update test certificate generation instructions...
r29579 $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
-out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
$ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
-out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Yuya Nishihara
tests: extract SSL certificates from test-https.t...
r29331
Gregory Szorc
tests: regenerate x509 test certificates...
r29526 Now generate an expired certificate by turning back the system time:
Gregory Szorc
tests: update test certificate generation instructions...
r29579 $ faketime 2016-01-01T00:00:00Z \
openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
-out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Yuya Nishihara
tests: extract SSL certificates from test-https.t...
r29331
Gregory Szorc
tests: regenerate x509 test certificates...
r29526 Generate a certificate not yet active by advancing the system time:
Gregory Szorc
tests: update test certificate generation instructions...
r29579 $ faketime 2030-01-1T00:00:00Z \
openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
-out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Gregory Szorc
tests: regenerate x509 test certificates...
r29526
Generate a passphrase protected client certificate private key:
$ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048
Create a copy of the private key without a passphrase:
$ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem
Yuya Nishihara
tests: extract SSL certificates from test-https.t...
r29331
Gregory Szorc
tests: regenerate x509 test certificates...
r29526 Create a CSR and sign the key using the server keypair:
$ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \
openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
$ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
-set_serial 01 -out client-cert.pem
Yuya Nishihara
tests: extract SSL certificates from test-https.t...
r29331
Gregory Szorc
tests: regenerate x509 test certificates...
r29526 When replacing the certificates, references to certificate fingerprints will
need to be updated in test files.
Fingerprints for certs can be obtained by running:
$ openssl x509 -in pub.pem -noout -sha1 -fingerprint
$ openssl x509 -in pub.pem -noout -sha256 -fingerprint