1、修改badssl签发expired cert 时间 2、修改签发证书容器和宿主机时间同步

2020-09-21 10:34:55 +08:00
parent 7791d81ecf
commit e6be48407b
4 changed files with 29 additions and 14 deletions
--- a/badssl.com/certs/Makefile
+++ b/badssl.com/certs/Makefile
@@ -166,7 +166,7 @@ $(O)/gen/chain/wildcard-sha512.pem: $(O)/gen/crt/wildcard-sha512.crt $(O)/gen/cr
 ################################
 $(O)/gen/crt/wildcard-expired.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
 	# Too lazy to setup the loathsome mess that is openssl ca when I could just wait a day
-	./tool sign $@ $(D) 1 sha256 req_v3_usr $^
+	./tool sign $@ $(D) 0 sha256 req_v3_usr $^
 CHAINS_PROD += $(O)/gen/chain/wildcard-expired.pem
 $(O)/gen/chain/wildcard-expired.pem: $(O)/gen/crt/wildcard-expired.crt $(O)/gen/crt/ca-intermediate.crt
 	./tool chain $@ $(D) $^
--- a/badssl.com/certs/tool
+++ b/badssl.com/certs/tool
@@ -83,17 +83,32 @@ self-sign)
    -signkey $6
  ;;
 sign)
-  openssl x509 \
-    -req \
-    -CAcreateserial \
-    -days $1 \
-    -$2 \
-    -out $OUT \
-    -extensions $3 \
-    -extfile <(cat $4 | sed "s/__DOMAIN__/$DOMAIN/g") \
-    -in $5 \
-    -CAkey $6 \
-    -CA $7
+  if [ $1 -eq 0 ];then
+        cmdstr="openssl x509 \
+        -req \
+        -CAcreateserial \
+        -days 1 \
+        -$2 \
+        -out $OUT \
+        -extensions $3 \
+        -extfile <(cat $4 | sed "s/__DOMAIN__/$DOMAIN/g") \
+        -in $5 \
+        -CAkey $6 \
+        -CA $7"
+        faketime -1day /bin/bash -c "$cmdstr"
+  else
+        openssl x509 \
+        -req \
+        -CAcreateserial \
+        -days $1 \
+        -$2 \
+        -out $OUT \
+        -extensions $3 \
+        -extfile <(cat $4 | sed "s/__DOMAIN__/$DOMAIN/g") \
+        -in $5 \
+        -CAkey $6 \
+        -CA $7
+  fi
  ;;
 *)
  echo "Unknown command."
--- a/deploy/init_certs/init_badssl_certs.sh
+++ b/deploy/init_certs/init_badssl_certs.sh
@@ -1,2 +1,2 @@
 #!/bin/sh
-docker run  --rm -v /opt/tsg/tsg-diagnose/.badssl_cert_dict:/badssl.com/unittest_certs  -it badssl-tsg-diagnose /bin/bash -c 'make certs-test >> /dev/null && cp -r certs common /badssl.com/unittest_certs'
+docker run  --rm -v /opt/tsg/tsg-diagnose/.badssl_cert_dict:/badssl.com/unittest_certs -v /etc/localtime:/etc/localtime:ro -it badssl-tsg-diagnose /bin/bash -c 'make certs-test >> /dev/null && cp -r certs common /badssl.com/unittest_certs'
--- a/docker-compose/docker-compose.yml
+++ b/docker-compose/docker-compose.yml
@@ -19,7 +19,7 @@ services:
    command: >
      bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82
      && arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03 
-      && cp -r cp -r /badssl.com/unittest_certs/certs /badssl.com/unittest_certs/common /badssl.com
+      && cp -r /badssl.com/unittest_certs/certs /badssl.com/unittest_certs/common /badssl.com
      && make inside-docker
      && nginx
      && tail -f /dev/null"