Make CLI validation commands appear on the web #117

Open
wants to merge 1 commit into
base: master
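--- a/.gitignore
+++ b/.gitignore
@@ -21,6 +21,9 @@ validation/certs/utils/setup.py
 # Automatically generated linking files
 _data/mapping
 
+# Automatically generated CLI validation commands
+_data/certs.yml
+
 # Build web page
 _site
 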
8 changes: 4 additions & 4 deletions _includes/error_box.html
Expand Up @@ -63,12 +63,12 @@ <h3>{% include icon.html icon="certificate" %}Example certificates</h3>
{% for chain in mapping.chains %}
<li>Case&nbsp;{% include icon.html icon="zip" %}<a href="/assets/archives/{{ chain }}.zip">{{ chain }} </a>
(see the&nbsp;{% include icon.html icon="github" %}<a href="{{ site.repo-url }}/tree/master/validation/certs/scripts/chains/{{ chain }}/generate.py">generation script</a>)</li>
{% if site.data.certs[chain][page.library] %}
<p>Validate manually with: <code class="highlighter-rouge">{{ site.data.certs[chain][page.library] }}</code></p>
{% endif %}
{% endfor %}
</ul>
<!--{% if include.page.verify-command %}
{% assign library=site.data.libraries | where: "name", page.library | first %}
<p>Validate with: <code class="highlighter-rouge">{{ include.page.verify-command }}</code></p>
{% endif %}!-->

{% endunless %}

{% if mapping-present == true %}
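Review bot: The `<code>` element on the new `Validate manually with:` line prints `site.data.certs[chain][page.library]` without an escape filter, and Liquid does not HTML-escape output by default, so any `<`, `>` or `&` in a `cli` value copied from a vconfig.yml would be interpreted as markup on the published page. I would write `{{ site.data.certs[chain][page.library] | escape }}`. The new `<p>` also sits directly inside the `<ul>` after the `</li>` has closed, which is invalid HTML; moving the `{% if %}` block in front of `</li>` keeps each command inside its own list item. The enclosing `{% unless %}` block starts outside the hunk.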
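--- a/validation/certs/Makefile
+++ b/validation/certs/Makefile
@@ -23,8 +23,12 @@ ROOT=root
 CHAINS=chains
 # Filename of all generating scripts
 GENERATE=generate
-# Variable to specify wheter to print debug info
+# Variable to specify whether to print debug info
 DEBUG=""
+# Directory to copy CLI validation commands into
+CLI_FILE=../../_data/certs.yml
+# Script that copies CLI validation data to web
+CLI_SCRIPT=$(UTILS_DIR)/cli-validation.py
 
 # Directory with scripts for all chains
 CHAINS_DIR=$(SCRIPTS_DIR)/$(CHAINS)
@@ -54,8 +58,8 @@ VRESULTS_FILES_ALL=$(addprefix $(VRESULTS_DIR)/, $(addsuffix .yml, $(CHAINS_ALL)
 ARCHIVES_ALL=$(addprefix $(ARCHIVE_DIR)/, $(addsuffix .zip, $(CHAINS_ALL)))
 
 
-# Build everyhing, validate and concat all results into a single YAML file
-all: $(ROOT_KEY_FILE) $(CHAINS_BUILD_ALL) $(VRESULTS_FILES_ALL) $(ARCHIVES_ALL)
+# Build everything, validate and concat all results into a single YAML file
+all: $(ROOT_KEY_FILE) $(CHAINS_BUILD_ALL) $(VRESULTS_FILES_ALL) $(ARCHIVES_ALL) $(CLI_FILE)
 @cat $(VRESULTS_DIR)/*.yml > $(VRESULTS_FILE)
 
 # First we build the root key target, this creates the root cert as well
@@ -95,9 +99,14 @@ $(ARCHIVE_DIR)/%.zip: $(BUILD_DIR)/%/$(CHAIN_FILENAME)
 @cd $(BUILD_DIR) && zip --filesync --quiet ../$@ $(*F)/*.pem $(ROOT)/$(ROOT).pem
 @printf "[ OK ]\n"
 
+# Make CLI validation data accessible to web
+$(CLI_FILE): $(wildcard $(SCRIPTS_DIR)/$(CHAINS)/*/vconfig.yml)
+@python3 $(CLI_SCRIPT) $(SCRIPTS_DIR)/$(CHAINS)/ $(CLI_FILE)
+
 clean:
 rm -rf $(BUILD_DIR)
 rm -rf $(VRESULTS_DIR)
 rm -rf $(ARCHIVE_DIR)
+rm -f $(CLI_FILE)
 
 .PHONY: all clean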
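Review bot: The new `$(CLI_FILE)` rule lists only the `vconfig.yml` files as prerequisites, so a change to `$(CLI_SCRIPT)` does not regenerate `_data/certs.yml` and the site can keep publishing commands from an older script. I would add the script as a prerequisite and name the output through `$@`: `$(CLI_FILE): $(CLI_SCRIPT) $(wildcard $(CHAINS_DIR)/*/vconfig.yml)` with the recipe `python3 $(CLI_SCRIPT) $(CHAINS_DIR)/ $@`. `CHAINS_DIR` is already defined as `$(SCRIPTS_DIR)/$(CHAINS)` in the first hunk, and dropping the leading `@` keeps the failing command visible in the build log. A comment above the rule such as `# cli strings are copied verbatim from vconfig.yml and published on the site` would tell reviewers what to check when those files change.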
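--- a/validation/certs/scripts/chains/ANY_EXT_KEY_USAGE/vconfig.yml
+++ b/validation/certs/scripts/chains/ANY_EXT_KEY_USAGE/vconfig.yml
@@ -4,8 +4,10 @@ servers:
 verify:
 openssl:
 options: {}
+cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem -purpose sslserver endpoint.pem
 gnutls:
 options: {}
+cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
 mbedtls:
 options: {}
 botan: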
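Review bot: The gnutls `cli` value is the generic `certtool --verify --load-ca-certificate root.pem --infile chain.pem`, while the openssl value for the same chain passes `-purpose sslserver`. If this case depends on the key-purpose check, the published gnutls command may not exercise it, and a reader comparing the two outputs could draw the wrong conclusion about the library. certtool has a `--verify-purpose` option that takes the purpose OID; consider adding it here, or a YAML comment such as `# verified without a purpose on purpose` if the omission is intended. A later vconfig.yml section in this commit pairs `-purpose sslserver` with the same generic gnutls command. The `botan:` entry continues outside the hunk.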
Expand Up @@ -5,11 +5,14 @@ verify:
openssl:
options:
flags: "--strict"
cli: openssl verify -x509_strict -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}
Expand Up @@ -4,11 +4,14 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem -untrusted intermediate2.pem endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem intermediate2.pem root.pem
openjdk:
options: {}
Expand Up @@ -5,11 +5,14 @@ verify:
openssl:
options:
flags: "--strict"
cli: openssl verify -x509_strict -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}
@@ -1,16 +1,18 @@
servers:
main:
which: python
main: {}

verify:
openssl:
options:
flags: "--strict"
cli: openssl verify -x509_strict -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}
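--- a/validation/certs/scripts/chains/CHAIN_LOOP/vconfig.yml
+++ b/validation/certs/scripts/chains/CHAIN_LOOP/vconfig.yml
@@ -4,11 +4,14 @@ servers:
 verify:
 openssl:
 options: {}
+cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem intermediate2.pem endpoint.pem
 gnutls:
 options: {}
+cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
 mbedtls:
 options: {}
 botan:
 options: {}
+cli: botan cert_verify endpoint.pem intermediate1.pem intermediate2.pem root.pem
 openjdk:
 options: {}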
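Review bot: In the openssl `cli` value, `intermediate2.pem` is not preceded by `-untrusted`, so `openssl verify` treats it as a second certificate to verify instead of an untrusted intermediate available for chain building. The published command therefore checks something different from the other two-intermediate case in this commit, which uses `-untrusted intermediate1.pem -untrusted intermediate2.pem`. I would change the line to `cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem -untrusted intermediate2.pem endpoint.pem`. The first lines of the file are outside the hunk.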
Expand Up @@ -5,11 +5,14 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}
Expand Up @@ -4,11 +4,14 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}
Expand Up @@ -4,11 +4,14 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}
Expand Up @@ -4,11 +4,14 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem -purpose sslserver endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}
Expand Up @@ -4,11 +4,14 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}
Expand Up @@ -4,11 +4,14 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem -auth_level 2 endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}
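--- a/validation/certs/scripts/chains/EXPIRED/vconfig.yml
+++ b/validation/certs/scripts/chains/EXPIRED/vconfig.yml
@@ -4,11 +4,14 @@ servers:
 verify:
 openssl:
 options: {}
+cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
 gnutls:
 options: {}
+cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
 mbedtls:
 options: {}
 botan:
 options: {}
+cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
 openjdk:
 options: {}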
Expand Up @@ -4,6 +4,7 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem -verify_hostname localhost endpoint.pem
gnutls:
options: {}
mbedtls:
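--- a/validation/certs/scripts/chains/INVALID_SIGNATURE/vconfig.yml
+++ b/validation/certs/scripts/chains/INVALID_SIGNATURE/vconfig.yml
@@ -4,11 +4,14 @@ servers:
 verify:
 openssl:
 options: {}
+cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
 gnutls:
 options: {}
+cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
 mbedtls:
 options: {}
 botan:
 options: {}
+cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
 openjdk:
 options: {}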
Expand Up @@ -4,6 +4,7 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
gnutls:
options: {}
mbedtls:
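--- a/validation/certs/scripts/chains/ISSUER_CA_FALSE/vconfig.yml
+++ b/validation/certs/scripts/chains/ISSUER_CA_FALSE/vconfig.yml
@@ -4,11 +4,14 @@ servers:
 verify:
 openssl:
 options: {}
+cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
 gnutls:
 options: {}
+cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
 mbedtls:
 options: {}
 botan:
 options: {}
+cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
 openjdk:
 options: {}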
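--- a/validation/certs/scripts/chains/ISSUER_HASH_MD5/vconfig.yml
+++ b/validation/certs/scripts/chains/ISSUER_HASH_MD5/vconfig.yml
@@ -4,11 +4,14 @@ servers:
 verify:
 openssl:
 options: {}
+cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem -auth_level 2 endpoint.pem
 gnutls:
 options: {}
+cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
 mbedtls:
 options: {}
 botan:
 options: {}
+cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
 openjdk:
 options: {}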
Expand Up @@ -4,11 +4,14 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}
Expand Up @@ -4,11 +4,14 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}
Expand Up @@ -4,11 +4,14 @@ servers:
verify:
openssl:
options: {}
cli: openssl verify -CAfile root.pem -untrusted intermediate1.pem endpoint.pem
gnutls:
options: {}
cli: certtool --verify --load-ca-certificate root.pem --infile chain.pem
mbedtls:
options: {}
botan:
options: {}
cli: botan cert_verify endpoint.pem intermediate1.pem root.pem
openjdk:
options: {}