    Make it possible to run generate-test-certs.sh incrementally · 39a93dde
    David Benjamin authored
    Refreshing all the test certificates is tedious, however
    generate-test-certs.sh cannot be run incrementally right now:
    
    1. Every time it is run, the CA private keys change, so all certificates
       have to be refreshed. This usually breaks pinning tests, etc., and is
       an unnecessary complication.
    
    2. Serial numbers must not collide.
    
    Despite this, we try to manually run things anyway, with the result that
    the currently checked in certificates do not match the script output in
    serial number! I suspect we removed a certificate in the middle of the tower at
    some point. To make this a bit friendlier:
    
    1. Preserving the root and intermediate keys if already present.
    
    2. Randomizing the certificate serial numbers rather than counting
       incrementally.
    
    This means that a developer can run the script and only check in the
    certificate they care about.
    
    Bug: 984685
    Change-Id: I3c0b0e85654dd62f82fb83f90fd1252ebbaa3135
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1918385
    Reviewed-by: Matt Mueller <mattm@chromium.org>
    Commit-Queue: David Benjamin <davidben@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#716029}
generate-test-certs.sh 18 KB
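
The two changes the commit message describes (keep CA keys that already exist, draw serial numbers at random), sketched as an added example. This is not the contents of generate-test-certs.sh; the function names, file layout, subject names and key sizes are assumptions.

```shell
#!/bin/sh
# Added illustration; names, paths and key sizes are assumptions,
# not taken from generate-test-certs.sh.

# Create a CA private key only if one is not already on disk, so
# certificates issued by earlier runs still chain to the same key.
ensure_key() {
  if [ -s "$1" ]; then
    return 0   # key present: leave it untouched
  fi
  (umask 077 && openssl genrsa -out "$1" 2048)
}

# Print a random 128-bit serial as 0x-prefixed hex. The first hex digit
# is forced into 4..7 so the value is positive and has a fixed length.
random_serial() {
  hex=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
  d=${hex%"${hex#?}"}                 # first hex digit
  first=$(( (0x$d & 3) | 4 ))
  printf '0x%x%s\n' "$first" "${hex#?}"
}

# Create the root key and self-signed root certificate if missing.
ensure_root() {   # ensure_root <prefix>
  ensure_key "$1.key"
  [ -s "$1.pem" ] || openssl req -x509 -new -key "$1.key" \
    -subj "/CN=Test Root" -days 3650 -out "$1.pem"
}

# Re-issue a single leaf under the existing CA with a fresh serial.
issue_leaf() {    # issue_leaf <name> <ca-prefix>
  openssl genrsa -out "$1.key" 2048
  openssl req -new -key "$1.key" -subj "/CN=$1" -out "$1.csr"
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
    -set_serial "$(random_serial)" -days 30 -out "$1.pem"
}

# Run "sh example.sh demo" in a scratch directory to try it.
if [ "${1:-}" = "demo" ]; then
  ensure_root root
  issue_leaf leaf_a root
  openssl x509 -in leaf_a.pem -noout -serial
fi
```

Because the root key survives between runs and serials no longer depend on issuance order, re-running `issue_leaf` for one name leaves every other checked-in certificate valid.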