Part of bzrlib.tests.ssl_certs
The https server requires at least a key and a certificate to start.
SSL keys and certificates are created with openssl which may not be available everywhere we want to run the test suite.
To simplify test writing, the necessary keys and certificates are generated by this script and used by the tests.
Since creating these test keys and certificates requires a good knowledge of openssl and a lot of typing, we record all the needed parameters here.
Since this will be used rarely, no effort has been made to handle exotic errors, the basic policy is that openssl should be available in the path and the parameters should be correct, any error will abort the script. Feel free to enhance that.
This script provides options for building any individual files or two options to build the certificate authority files (--ca) or the server files (--server).
|Function||needs||Errors out if the specified path does not exists|
|Function||rm_f||rm -f path|
|Function||build_ca_key||Generate an ssl certificate authority private key.|
|Function||build_ca_certificate||Generate an ssl certificate authority private key.|
|Function||build_server_key||Generate an ssl server private key.|
|Function||build_server_signing_request||Create a CSR (certificate signing request) to get signed by the CA|
|Function||sign_server_certificate||CA signs server csr|
|Function||_openssl||Execute a command in a subproces feeding stdin with the provided input.|
|Returns||(returncode, stdout, stderr)|
We generates a key with a password and then copy it without password so that as server can user it without prompting.