@@ -142,9 +142,9 @@ func TestOCSPGeneration(t *testing.T) {
142
142
Subject: pkix.Name{
143
143
Organization: []string{"cfssl unit test"},
144
144
},
145
-
AuthorityKeyId: []byte{42, 42, 42, 42},
146
-
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
147
-
IsCA: true,
145
+
AuthorityKeyId: []byte{42, 42, 42, 42},
146
+
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
147
+
IsCA: true,
148
148
BasicConstraintsValid: true,
149
149
}
150
150
issuerBytes, err := x509.CreateCertificate(rand.Reader, &issuerTemplate, &issuerTemplate, &privKey.PublicKey, privKey)
Original file line number Diff line number Diff line change
@@ -27,9 +27,11 @@ type fileTest struct {
27
27
bundleChecking func(*testing.T, *Bundle)
28
28
}
29
29
30
-
/* ========== BundleFromFile Test Setup =============
30
+
/*
31
+
========== BundleFromFile Test Setup =============
31
32
32
33
For each pair of crypto algorithm X and key size Y, a CA chain is constructed:
34
+
33
35
Test_root_CA -> inter-L1 -> inter-L2--> cfssl-leaf-ecdsa256
34
36
|-> cfssl-leaf-ecdsa384
35
37
|-> cfssl-leaf-ecdsa521
@@ -44,8 +46,10 @@ Two inter-* certs are assembled in intermediates.crt
44
46
45
47
There is also an expired L1 cert, sharing the same CSR with inter-L1. Also the
46
48
root CA processes the inter-L2 CSR directly to generate inter-L2-direct cert.
47
-
* Test_root_CA--> inter-L1-expired
49
+
50
+
Test_root_CA--> inter-L1-expired
48
51
|-> inter-L2-direct
52
+
49
53
Using inter-L2-direct as additional intermediate cert should shorten the
50
54
bundle chain.
51
55
*/
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
1
+
//go:build mysql
1
2
// +build mysql
2
3
3
4
package sql
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
1
+
//go:build postgresql
1
2
// +build postgresql
2
3
3
4
package sql
Original file line number Diff line number Diff line change
@@ -69,7 +69,7 @@ type Config struct {
69
69
AKI string
70
70
DBConfigFile string
71
71
CRLExpiration time.Duration
72
-
Disable string
72
+
Disable string
73
73
}
74
74
75
75
// registerFlags defines all cfssl command flags and associates their values with variables.
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
1
-
//Package crl implements the crl command
1
+
// Package crl implements the crl command
2
2
package crl
3
3
4
4
import (
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
1
-
//Package gencrl implements the gencrl command
1
+
// Package gencrl implements the gencrl command
2
2
package gencrl
3
3
4
4
import (
Original file line number Diff line number Diff line change
@@ -4,6 +4,7 @@ also a tool to start a HTTP server to handle web requests for signing, bundling
4
4
and verification.
5
5
6
6
Usage:
7
+
7
8
cfssl command [-flags] arguments
8
9
9
10
The commands are
Original file line number Diff line number Diff line change
@@ -2,6 +2,7 @@
2
2
// All certificates in the input file paths are checked for revocation and bundled together.
3
3
//
4
4
// Usage:
5
+
//
5
6
// mkbundle -f bundle_file -nw number_of_workers certificate_file_path ...
6
7
package main
7
8
Original file line number Diff line number Diff line change
@@ -3,17 +3,17 @@
3
3
// to PKCS #7 format from another encoding such as PEM conforms to this implementation.
4
4
// reference: https://www.openssl.org/docs/man1.1.0/apps/crl2pkcs7.html
5
5
//
6
-
// PKCS #7 Data type, reference: https://tools.ietf.org/html/rfc2315
6
+
// PKCS #7 Data type, reference: https://tools.ietf.org/html/rfc2315
7
7
//
8
8
// The full pkcs#7 cryptographic message syntax allows for cryptographic enhancements,
9
9
// for example data can be encrypted and signed and then packaged through pkcs#7 to be
10
10
// sent over a network and then verified and decrypted. It is asn1, and the type of
11
11
// PKCS #7 ContentInfo, which comprises the PKCS #7 structure, is:
12
12
//
13
-
// ContentInfo ::= SEQUENCE {
14
-
// contentType ContentType,
15
-
// content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
16
-
// }
13
+
// ContentInfo ::= SEQUENCE {
14
+
// contentType ContentType,
15
+
// content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
16
+
// }
17
17
//
18
18
// There are 6 possible ContentTypes, data, signedData, envelopedData,
19
19
// signedAndEnvelopedData, digestedData, and encryptedData. Here signedData, Data, and encrypted
@@ -22,15 +22,14 @@
22
22
// formats.
23
23
// The ContentType signedData has the form:
24
24
//
25
-
//
26
-
// signedData ::= SEQUENCE {
27
-
// version Version,
28
-
// digestAlgorithms DigestAlgorithmIdentifiers,
29
-
// contentInfo ContentInfo,
30
-
// certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL
31
-
// crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
32
-
// signerInfos SignerInfos
33
-
// }
25
+
// signedData ::= SEQUENCE {
26
+
// version Version,
27
+
// digestAlgorithms DigestAlgorithmIdentifiers,
28
+
// contentInfo ContentInfo,
29
+
// certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL
30
+
// crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
31
+
// signerInfos SignerInfos
32
+
// }
34
33
//
35
34
// As of yet signerInfos and digestAlgorithms are not parsed, as they are not relevant to
36
35
// this system's use of PKCS #7 data. Version is an integer type, note that PKCS #7 is
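Review bot: The `certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL` line in the re-indented signedData block still has no trailing comma, unlike the `crls` line after it, so the quoted ASN.1 is not well-formed; since the block is being touched anyway, add the comma. The sentence after the block says signerInfos and digestAlgorithms are not parsed, and it would help to state the consequence directly, for example `// Because signerInfos is not parsed, no signature over the content is verified here; callers must not treat parsed signedData as authenticated.` That consequence is inferred from the comment text rather than from code visible in this hunk, so confirm it against the parser before adding it. The package comment continues past the end of the hunk.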