"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "t/README-TLS.md" between
memcached-1.6.8.tar.gz and memcached-1.6.9.tar.gz

About: memcached is a high-performance, distributed memory object caching system, generic in nature, but originally intended for use in speeding up dynamic web applications by alleviating database load.

README-TLS.md  (memcached-1.6.8):README-TLS.md  (memcached-1.6.9)
# Certificates creation process # Certificates creation process
The following certificates are used in tests, that assume expiration date
to always be in the future, so instead of a normal cert validity of 1-5 years.
we use 500 years here.
## Create certificate authority key and certificate ## Create certificate authority key and certificate
``` ```
$ openssl genrsa -out cakey.pem 2048 $ openssl genrsa -out cakey.pem 2048
$ openssl req -x509 -new -nodes -key cakey.pem -sha256 -days 1825 -out cacert.pe m \ $ openssl req -x509 -new -nodes -key cakey.pem -sha256 -days 182500 -out cacert. pem \
-subj "/CN=Test Root Certificate Authority/ST=CA/C=US/emailAddress=root@test .com/O=Test/OU=Test Department" -subj "/CN=Test Root Certificate Authority/ST=CA/C=US/emailAddress=root@test .com/O=Test/OU=Test Department"
``` ```
## Create server key and certificate ## Create server key and certificate
``` ```
$ openssl genrsa -out server_key.pem 2048 $ openssl genrsa -out server_key.pem 2048
$ openssl req -new -sha256 -key server_key.pem \ $ openssl req -new -sha256 -key server_key.pem \
-subj "/C=US/ST=CA/O=Test/OU=Subunit of Test Organization/CN=test.com/emailA ddress=root@test.com" \ -subj "/C=US/ST=CA/O=Test/OU=Subunit of Test Organization/CN=test.com/emailA ddress=root@test.com" \
-addext "subjectAltName=DNS:test.com,DNS:alt.test.com" \ -addext "subjectAltName=DNS:test.com,DNS:alt.test.com" \
-out server_crt.csr -out server_crt.csr
$ openssl x509 -req -in server_crt.csr -CA cacert.pem -CAkey cakey.pem \ $ openssl x509 -req -in server_crt.csr -CA cacert.pem -CAkey cakey.pem \
-extfile <(printf "subjectAltName=DNS:test.com,DNS:alt.test.com") \ -extfile <(printf "subjectAltName=DNS:test.com,DNS:alt.test.com") \
-CAcreateserial -out server_crt.pem -days 1825 -sha256 -text -CAcreateserial -out server_crt.pem -days 182500 -sha256 -text
``` ```
## Create client key and certificate ## Create client key and certificate
``` ```
$ openssl genrsa -out client_key.pem 2048 $ openssl genrsa -out client_key.pem 2048
$ openssl req -new -sha256 -key client_key.pem \ $ openssl req -new -sha256 -key client_key.pem \
-subj "/C=US/ST=CA/O=Test Client/OU=Subunit of Test Organization/CN=client.t est.com/emailAddress=root@client.test.com" \ -subj "/C=US/ST=CA/O=Test Client/OU=Subunit of Test Organization/CN=client.t est.com/emailAddress=root@client.test.com" \
-addext "subjectAltName=DNS:client.test.com,DNS:alt.client.test.com" \ -addext "subjectAltName=DNS:client.test.com,DNS:alt.client.test.com" \
-out client_crt.csr -out client_crt.csr
$ openssl x509 -req -in client_crt.csr -CA cacert.pem -CAkey cakey.pem \ $ openssl x509 -req -in client_crt.csr -CA cacert.pem -CAkey cakey.pem \
-extfile <(printf "subjectAltName=DNS:client.test.com,DNS:alt.client.test.co m") \ -extfile <(printf "subjectAltName=DNS:client.test.com,DNS:alt.client.test.co m") \
-CAcreateserial -out client_crt.pem -days 1825 -sha256 -text -CAcreateserial -out client_crt.pem -days 182500 -sha256 -text
``` ```
**NOTES**: *.csr files are certificate signing requests which are needed in orde r to sign certificates with signing authority. **NOTES**: *.csr files are certificate signing requests which are needed in orde r to sign certificates with signing authority.
-CAcreateserial option creates one file which we do not need but openssl does. Y ou can delete it after you are done. -CAcreateserial option creates one file which we do not need but openssl does. Y ou can delete it after you are done.
 End of changes. 4 change blocks. 
3 lines changed or deleted 7 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)