"""Make the custom certificate and private key files used by test_ssl
and friends."""

import os
import pprint
import shutil
import tempfile
# NOTE(review): the star import is what brings check_call into scope for the
# rest of this file; nothing else from subprocess is referenced by name here.
from subprocess import *

# Fixed validity window (YYYYMMDDHHMMSSZ) substituted into the startdate /
# enddate keys of the [ CA_default ] section of req_template, so certificates
# signed by the test CA get the same validity dates on every regeneration.
startdate = "20180829142316Z"
enddate = "20371028142316Z"

# OpenSSL configuration text shared by every "openssl req" and "openssl ca"
# call in this script.  It is rendered with str.format(), so {hostname},
# {extra_san}, {startdate} and {enddate} are Python placeholders, while
# $base_url and $dir are left in the text for OpenSSL's own config parser.
# Because the text goes through str.format(), a literal brace added to the
# template would have to be doubled.
#
# Extension sections selectable through "-extensions":
#   req_x509_extensions_nosan  - empty section, no extensions
#   req_x509_extensions_simple - subjectAltName only
#   req_x509_extensions_full   - end-entity profile (CA:false, key usage,
#                                server/client auth, AIA and CRL pointers)
#   v3_ca                      - CA profile (CA:true, keyCertSign, cRLSign)
#
# [ CA_default ] names policy_match as the default policy and sha256 as the
# signing digest; make_cert_key() overrides the policy with policy_anything.
req_template = """
    [ default ]
    base_url               = http://testca.pythontest.net/testca

    [req]
    distinguished_name     = req_distinguished_name
    prompt                 = no

    [req_distinguished_name]
    C                      = XY
    L                      = Castle Anthrax
    O                      = Python Software Foundation
    CN                     = {hostname}

    [req_x509_extensions_nosan]

    [req_x509_extensions_simple]
    subjectAltName         = @san

    [req_x509_extensions_full]
    subjectAltName         = @san
    keyUsage               = critical,keyEncipherment,digitalSignature
    extendedKeyUsage       = serverAuth,clientAuth
    basicConstraints       = critical,CA:false
    subjectKeyIdentifier   = hash
    authorityKeyIdentifier = keyid:always,issuer:always
    authorityInfoAccess    = @issuer_ocsp_info
    crlDistributionPoints  = @crl_info

    [ issuer_ocsp_info ]
    caIssuers;URI.0        = $base_url/pycacert.cer
    OCSP;URI.0             = $base_url/ocsp/

    [ crl_info ]
    URI.0                  = $base_url/revocation.crl

    [san]
    DNS.1 = {hostname}
    {extra_san}

    [dir_sect]
    C                      = XY
    L                      = Castle Anthrax
    O                      = Python Software Foundation
    CN                     = dirname example

    [princ_name]
    realm = EXP:0, GeneralString:KERBEROS.REALM
    principal_name = EXP:1, SEQUENCE:principal_seq

    [principal_seq]
    name_type = EXP:0, INTEGER:1
    name_string = EXP:1, SEQUENCE:principals

    [principals]
    princ1 = GeneralString:username

    [ ca ]
    default_ca      = CA_default

    [ CA_default ]
    dir = cadir
    database  = $dir/index.txt
    crlnumber = $dir/crl.txt
    default_md = sha256
    startdate = {startdate}
    default_startdate = {startdate}
    enddate = {enddate}
    default_enddate = {enddate}
    default_days = 7000
    default_crl_days = 7000
    certificate = pycacert.pem
    private_key = pycakey.pem
    serial    = $dir/serial
    RANDFILE  = $dir/.rand
    policy          = policy_match

    [ policy_match ]
    countryName             = match
    stateOrProvinceName     = optional
    organizationName        = match
    organizationalUnitName  = optional
    commonName              = supplied
    emailAddress            = optional

    [ policy_anything ]
    countryName   = optional
    stateOrProvinceName = optional
    localityName    = optional
    organizationName  = optional
    organizationalUnitName  = optional
    commonName    = supplied
    emailAddress    = optional


    [ v3_ca ]

    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid:always,issuer
    basicConstraints = critical, CA:true
    keyUsage = critical, digitalSignature, keyCertSign, cRLSign

    """

# Directory containing this script; the __main__ block changes into it so the
# relative output paths used throughout land next to the script.
here = os.path.abspath(os.path.dirname(__file__))
					
						
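def make_cert_key(hostname, sign=False, extra_san='',
                  ext='req_x509_extensions_full', key='rsa:3072'):
    """Generate a private key and certificate for *hostname* via the openssl CLI.

    Args:
        hostname: Substituted for ``{hostname}`` in ``req_template`` (the
            subject CN and the ``DNS.1`` subjectAltName entry).
        sign: When false, ``openssl req -x509`` writes a self-signed
            certificate.  When true, ``openssl req`` writes a signing request
            and ``openssl ca`` signs it using the ``[ ca ]`` settings of the
            template, which refer to ``cadir``, ``pycacert.pem`` and
            ``pycakey.pem`` as created by ``make_ca()``.
        extra_san: Text substituted for ``{extra_san}`` in the ``[san]``
            section (additional subjectAltName lines).
        ext: Name of the template section passed as ``-extensions``.
        key: Value passed to ``openssl req -newkey``.

    Returns:
        A ``(cert, key)`` tuple with the text of the certificate file and of
        the private key file that openssl wrote.

    Raises:
        subprocess.CalledProcessError: if an openssl invocation exits non-zero.
    """
    print("creating cert for " + hostname)
    # All scratch files live in one private directory that is removed as a
    # unit on exit.  The previous per-file cleanup loop stopped at the first
    # os.remove() failure and could leave the remaining files, including the
    # unencrypted key, behind in the shared temp directory.
    with tempfile.TemporaryDirectory() as workdir:
        config_path = os.path.join(workdir, 'req.cnf')
        cert_path = os.path.join(workdir, 'cert.pem')
        key_path = os.path.join(workdir, 'key.pem')

        # hostname and extra_san are interpolated verbatim into the OpenSSL
        # config; every caller in this file passes fixed literals.
        config_text = req_template.format(
            hostname=hostname,
            extra_san=extra_san,
            startdate=startdate,
            enddate=enddate
        )
        with open(config_path, 'w') as f:
            f.write(config_text)

        # -nodes: the generated private key is written without encryption.
        req_args = ['req', '-new', '-nodes', '-days', '7000',
                    '-newkey', key, '-keyout', key_path,
                    '-extensions', ext,
                    '-config', config_path]
        if sign:
            # Emit a signing request for the CA step below.
            csr_path = os.path.join(workdir, 'req.csr')
            req_args += ['-out', csr_path]
        else:
            # Self-signed: the certificate is produced directly.
            req_args += ['-x509', '-out', cert_path]
        check_call(['openssl'] + req_args)

        if sign:
            ca_args = [
                'ca',
                '-config', config_path,
                '-extensions', ext,
                '-out', cert_path,
                '-outdir', 'cadir',
                '-policy', 'policy_anything',
                '-batch', '-infiles', csr_path
            ]
            check_call(['openssl'] + ca_args)

        # Distinct local names so the 'key' parameter (the -newkey spec) is
        # not rebound to the PEM text.
        with open(cert_path, 'r') as f:
            cert_pem = f.read()
        with open(key_path, 'r') as f:
            key_pem = f.read()
        return cert_pem, key_pem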
					
						
# Scratch directory for the test CA's database files.  The same name is
# hard-coded as "dir = cadir" in req_template and as a literal in make_ca()
# and make_cert_key(), so the value cannot be changed here alone.
TMP_CADIR = 'cadir'


def unmake_ca():
    """Delete the CA scratch directory ``TMP_CADIR`` and everything in it.

    The path is relative to the current working directory.
    """
    ca_dir = TMP_CADIR
    shutil.rmtree(ca_dir)
					
						
def make_ca():
    """Create the throwaway CA used to sign the ``sign=True`` certificates.

    Sets up the ``cadir`` database files named in the ``[ CA_default ]``
    section of ``req_template``, then drives the openssl CLI to generate the
    CA key (``pycakey.pem``), self-sign the CA certificate
    (``pycacert.pem``), write ``revocation.crl`` and refresh the two
    ``capath/`` entries.  Every path is relative to the current working
    directory.

    Raises:
        OSError: from ``os.mkdir`` when the directory cannot be created.
        subprocess.CalledProcessError: if an openssl invocation exits non-zero.
    """
    os.mkdir(TMP_CADIR)

    # (file name, open mode, initial content) for each CA database file.
    # The 'cadir' literal below has to stay in step with TMP_CADIR.
    ca_state = (
        ('index.txt', 'a+', ''),  # empty file
        ('crl.txt', 'a+', "00"),
        ('index.txt.attr', 'w+', 'unique_subject = no'),
        # random start value for serial numbers
        ('serial', 'w', 'CB2D80995A69525B\n'),
    )
    for filename, mode, initial in ca_state:
        with open(os.path.join('cadir', filename), mode) as f:
            if initial:
                f.write(initial)

    config_text = req_template.format(
        hostname='our-ca-server',
        extra_san='',
        startdate=startdate,
        enddate=enddate
    )
    with tempfile.NamedTemporaryFile("w") as config_file:
        config_file.write(config_text)
        # openssl opens the config by name, so it must be on disk first.
        config_file.flush()
        with tempfile.NamedTemporaryFile() as csr_file:
            openssl_steps = (
                # 1. New CA key (-nodes: written unencrypted) plus a signing
                #    request.
                ['req', '-config', config_file.name, '-new',
                 '-nodes',
                 '-newkey', 'rsa:3072',
                 '-keyout', 'pycakey.pem',
                 '-out', csr_file.name,
                 '-subj', '/C=XY/L=Castle Anthrax/O=Python Software Foundation CA/CN=our-ca-server'],
                # 2. Self-sign that request with the v3_ca extensions.
                ['ca', '-config', config_file.name,
                 '-out', 'pycacert.pem', '-batch', '-outdir', TMP_CADIR,
                 '-keyfile', 'pycakey.pem',
                 '-selfsign', '-extensions', 'v3_ca', '-infiles', csr_file.name],
                # 3. Generate the CRL.
                ['ca', '-config', config_file.name, '-gencrl', '-out', 'revocation.crl'],
            )
            for step in openssl_steps:
                check_call(['openssl'] + step)

    # capath hashes depend on subject!
    # NOTE(review): the two file names look like OpenSSL subject-hash names
    # for this CA; they are hard-coded, so confirm them if the subject changes.
    hashed_cert = 'capath/ceff1710.0'
    check_call([
        'openssl', 'x509', '-in', 'pycacert.pem', '-out', hashed_cert
    ])
    shutil.copy(hashed_cert, 'capath/b1930218.0')
					
						
def print_cert(path):
    """Pretty-print the decoded form of the certificate file at *path*.

    Decoding is delegated to ``_ssl._test_decode_cert``; ``_ssl`` is imported
    inside the function, so the rest of the module can be loaded without it.
    """
    import _ssl
    decoded = _ssl._test_decode_cert(path)
    pprint.pprint(decoded)
					
						
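if __name__ == '__main__':
    # Every output path below is relative, so work from this script's
    # directory.
    os.chdir(here)
    cert, key = make_cert_key('localhost', ext='req_x509_extensions_simple')
    with open('ssl_cert.pem', 'w') as f:
        f.write(cert)
    with open('ssl_key.pem', 'w') as f:
        f.write(key)
    print("password protecting ssl_key.pem in ssl_key.passwd.pem")
    # The passphrase is a fixed fixture value.  The "pass:" form places it on
    # the openssl command line, where other local users can read it from the
    # process list; a non-fixture secret would be supplied through a
    # different -passout source such as "file:" or "env:".
    check_call(['openssl','pkey','-in','ssl_key.pem','-out','ssl_key.passwd.pem','-aes256','-passout','pass:somepass'])
    check_call(['openssl','pkey','-in','ssl_key.pem','-out','keycert.passwd.pem','-aes256','-passout','pass:somepass'])

    with open('keycert.pem', 'w') as f:
        f.write(key)
        f.write(cert)

    # openssl already wrote the encrypted key to this file; append the
    # certificate after it.
    with open('keycert.passwd.pem', 'a+') as f:
        f.write(cert)

    # For certificate matching tests
    make_ca()
    # Remove cadir even when a step below fails.  Without this, a failed run
    # left the directory behind and the next run stopped at os.mkdir() in
    # make_ca().
    try:
        cert, key = make_cert_key('fakehostname', ext='req_x509_extensions_simple')
        with open('keycert2.pem', 'w') as f:
            f.write(key)
            f.write(cert)

        cert, key = make_cert_key('localhost', sign=True)
        with open('keycert3.pem', 'w') as f:
            f.write(key)
            f.write(cert)

        cert, key = make_cert_key('fakehostname', sign=True)
        with open('keycert4.pem', 'w') as f:
            f.write(key)
            f.write(cert)

        cert, key = make_cert_key(
            'localhost-ecc', sign=True, key='param:secp384r1.pem'
        )
        with open('keycertecc.pem', 'w') as f:
            f.write(key)
            f.write(cert)

        extra_san = [
            'otherName.1 = 1.2.3.4;UTF8:some other identifier',
            'otherName.2 = 1.3.6.1.5.2.2;SEQUENCE:princ_name',
            'email.1 = user@example.org',
            'DNS.2 = www.example.org',
            # GEN_X400
            'dirName.1 = dir_sect',
            # GEN_EDIPARTY
            'URI.1 = https://www.python.org/',
            'IP.1 = 127.0.0.1',
            'IP.2 = ::1',
            'RID.1 = 1.2.3.4.5',
        ]

        cert, key = make_cert_key('allsans', sign=True, extra_san='\n'.join(extra_san))
        with open('allsans.pem', 'w') as f:
            f.write(key)
            f.write(cert)

        extra_san = [
            # könig (king)
            'DNS.2 = xn--knig-5qa.idn.pythontest.net',
            # königsgäßchen (king's alleyway)
            'DNS.3 = xn--knigsgsschen-lcb0w.idna2003.pythontest.net',
            'DNS.4 = xn--knigsgchen-b4a3dun.idna2008.pythontest.net',
            # βόλοσ (marble)
            'DNS.5 = xn--nxasmq6b.idna2003.pythontest.net',
            'DNS.6 = xn--nxasmm1c.idna2008.pythontest.net',
        ]

        # IDN SANS, signed
        cert, key = make_cert_key('idnsans', sign=True, extra_san='\n'.join(extra_san))
        with open('idnsans.pem', 'w') as f:
            f.write(key)
            f.write(cert)

        cert, key = make_cert_key('nosan', sign=True, ext='req_x509_extensions_nosan')
        with open('nosan.pem', 'w') as f:
            f.write(key)
            f.write(cert)
    finally:
        unmake_ca()

    print("update Lib/test/test_ssl.py and Lib/test/test_asyncio/utils.py")
    print_cert('keycert.pem')
    print_cert('keycert3.pem')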