2019-09-12 10:56:54 +03:00
#!/bin/bash
2020-12-11 18:31:40 +02:00
# Generate some test certificates which are used by the regression test suite:
#
# tests/tls/ca.{crt,key} Self signed CA certificate.
# tests/tls/redis.{crt,key} A certificate with no key usage/policy restrictions.
# tests/tls/client.{crt,key} A certificate restricted for SSL client usage.
2021-04-25 08:11:16 +01:00
# tests/tls/server.{crt,key} A certificate restricted for SSL server usage.
2020-12-11 18:31:40 +02:00
# tests/tls/redis.dh DH Params file.
generate_cert( ) {
local name = $1
local cn = " $2 "
local opts = " $3 "
local keyfile = tests/tls/${ name } .key
local certfile = tests/tls/${ name } .crt
[ -f $keyfile ] || openssl genrsa -out $keyfile 2048
openssl req \
-new -sha256 \
-subj " /O=Redis Test/CN= $cn " \
-key $keyfile | \
openssl x509 \
-req -sha256 \
-CA tests/tls/ca.crt \
-CAkey tests/tls/ca.key \
-CAserial tests/tls/ca.txt \
-CAcreateserial \
-days 365 \
$opts \
-out $certfile
}
2019-09-12 10:56:54 +03:00
mkdir -p tests/tls
2020-12-11 18:31:40 +02:00
[ -f tests/tls/ca.key ] || openssl genrsa -out tests/tls/ca.key 4096
2019-09-12 10:56:54 +03:00
openssl req \
-x509 -new -nodes -sha256 \
-key tests/tls/ca.key \
-days 3650 \
-subj '/O=Redis Test/CN=Certificate Authority' \
-out tests/tls/ca.crt
2020-12-11 18:31:40 +02:00
cat > tests/tls/openssl.cnf <<_END_
[ server_cert ]
keyUsage = digitalSignature, keyEncipherment
nsCertType = server
[ client_cert ]
keyUsage = digitalSignature, keyEncipherment
nsCertType = client
_END_
generate_cert server "Server-only" "-extfile tests/tls/openssl.cnf -extensions server_cert"
generate_cert client "Client-only" "-extfile tests/tls/openssl.cnf -extensions client_cert"
generate_cert redis "Generic-cert"
[ -f tests/tls/redis.dh ] || openssl dhparam -out tests/tls/redis.dh 2048
