gfwleak/tsg-tsg-diagnose
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、修改badssl签发expired cert 时间 2、修改签发证书容器和宿主机时间同步

Browse Source
This commit is contained in:
fumingwei
2020-09-21 10:34:55 +08:00
parent 7791d81ecf
commit e6be48407b
4 changed files with 29 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
badssl.com/certs/Makefile
View File

@@ -166,7 +166,7 @@ $(O)/gen/chain/wildcard-sha512.pem: $(O)/gen/crt/wildcard-sha512.crt $(O)/gen/cr
################################ ################################
$(O)/gen/crt/wildcard-expired.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt $(O)/gen/crt/wildcard-expired.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
# Too lazy to setup the loathsome mess that is openssl ca when I could just wait a day # Too lazy to setup the loathsome mess that is openssl ca when I could just wait a day
./tool sign $@ $(D) 1 sha256 req_v3_usr $^ ./tool sign $@ $(D) 0 sha256 req_v3_usr $^
CHAINS_PROD += $(O)/gen/chain/wildcard-expired.pem CHAINS_PROD += $(O)/gen/chain/wildcard-expired.pem
$(O)/gen/chain/wildcard-expired.pem: $(O)/gen/crt/wildcard-expired.crt $(O)/gen/crt/ca-intermediate.crt $(O)/gen/chain/wildcard-expired.pem: $(O)/gen/crt/wildcard-expired.crt $(O)/gen/crt/ca-intermediate.crt
./tool chain $@ $(D) $^ ./tool chain $@ $(D) $^

37
badssl.com/certs/tool
View File

@@ -83,17 +83,32 @@ self-sign)
-signkey $6 -signkey $6
;; ;;
sign) sign)
openssl x509 \ if [ $1 -eq 0 ];then
-req \ cmdstr="openssl x509 \
-CAcreateserial \ -req \
-days $1 \ -CAcreateserial \
-$2 \ -days 1 \
-out $OUT \ -$2 \
-extensions $3 \ -out $OUT \
-extfile <(cat $4 | sed "s/__DOMAIN__/$DOMAIN/g") \ -extensions $3 \
-in $5 \ -extfile <(cat $4 | sed "s/__DOMAIN__/$DOMAIN/g") \
-CAkey $6 \ -in $5 \
-CA $7 -CAkey $6 \
-CA $7"
faketime -1day /bin/bash -c "$cmdstr"
else
openssl x509 \
-req \
-CAcreateserial \
-days $1 \
-$2 \
-out $OUT \
-extensions $3 \
-extfile <(cat $4 | sed "s/__DOMAIN__/$DOMAIN/g") \
-in $5 \
-CAkey $6 \
-CA $7
fi
;; ;;
*) *)
echo "Unknown command." echo "Unknown command."

2
deploy/init_certs/init_badssl_certs.sh
View File

@@ -1,2 +1,2 @@
#!/bin/sh #!/bin/sh
docker run --rm -v /opt/tsg/tsg-diagnose/.badssl_cert_dict:/badssl.com/unittest_certs -it badssl-tsg-diagnose /bin/bash -c 'make certs-test >> /dev/null && cp -r certs common /badssl.com/unittest_certs' docker run --rm -v /opt/tsg/tsg-diagnose/.badssl_cert_dict:/badssl.com/unittest_certs -v /etc/localtime:/etc/localtime:ro -it badssl-tsg-diagnose /bin/bash -c 'make certs-test >> /dev/null && cp -r certs common /badssl.com/unittest_certs'

2
docker-compose/docker-compose.yml
View File

@@ -19,7 +19,7 @@ services:
command: > command: >
bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82 bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82
&& arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03 && arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03
&& cp -r cp -r /badssl.com/unittest_certs/certs /badssl.com/unittest_certs/common /badssl.com && cp -r /badssl.com/unittest_certs/certs /badssl.com/unittest_certs/common /badssl.com
&& make inside-docker && make inside-docker
&& nginx && nginx
&& tail -f /dev/null" && tail -f /dev/null"