-
Notifications
You must be signed in to change notification settings - Fork 50
Expand file tree
/
Copy pathunittests.readme
More file actions
19 lines (14 loc) · 1.02 KB
/
unittests.readme
File metadata and controls
19 lines (14 loc) · 1.02 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
--- README FOR unittests.* files ---
These files are used in unit tests that create TLS connections between a
localhost server and client. We use a single self-signed certificate which
serves as both the server's certificate and the client's root CA.
unittests.key: private key
unittests.crt: self-signed certificate
unittests.conf: configuration for generating unittests.crt
unittests.p12: pkcs#12 file bundling the certificate and private key. Password is "1234"
Apple won't trust any certificate whose lifetime is over 825 days.
Once it expires unit tests will start failing and it will need to be updated like so:
$ openssl req -x509 -new -key unittests.key -config unittests.conf -out unittests.crt -days 824
$ openssl pkcs12 -export -out unittests.p12 -inkey unittests.key -in unittests.crt -password pass:1234 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1
Note: The PKCS#12 command uses SHA1 and 3DES encryption for macOS compatibility.
Modern OpenSSL 3.x defaults to algorithms that macOS Security Framework cannot import.