Create a "client-nopass.pem" for use with Python requests, and add it to the download page.

Quuxplusone · Quuxplusone · commit be4d81eeaf96 · 2022-03-31T12:34:52.000-04:00
Partly addresses #369. Using a passphrase other than "badssl.com" for the other files would also be great, but is a larger change, I think.
diff --git a/Makefile b/Makefile
@@ -41,6 +41,7 @@ certs-test:
 	cp certs/sets/current/gen/crt/ca-untrusted-root.crt common/certs
 	cp certs/sets/current/gen/crt/client.p12 common/certs/${TEST_DOMAIN}-client.p12
 	cp certs/sets/current/gen/crt/client.pem common/certs/${TEST_DOMAIN}-client.pem
+	cp certs/sets/current/gen/crt/client-nopass.pem common/certs/${TEST_DOMAIN}-client-nopass.pem
 
 .PHONY: certs-prod
 certs-prod:
@@ -51,6 +52,7 @@ certs-prod:
 	cp certs/sets/current/gen/crt/ca-untrusted-root.crt common/certs
 	cp certs/sets/current/gen/crt/client.p12 common/certs/${PROD_DOMAIN}-client.p12
 	cp certs/sets/current/gen/crt/client.pem common/certs/${PROD_DOMAIN}-client.pem
+	cp certs/sets/current/gen/crt/client-nopass.pem common/certs/${PROD_DOMAIN}-client-nopass.pem
 
 .PHONY: clean-certs
 clean-certs:
diff --git a/certs/Makefile b/certs/Makefile
@@ -73,7 +73,10 @@ $(O)/gen/crt/client.p12: $(O)/gen/crt/client.crt $(O)/gen/key/client.key
 	./tool gen-pkcs12-p12 $@ $(D) $^
 $(O)/gen/crt/client.pem: $(O)/gen/crt/client.p12
 	./tool pkcs12-convert-p12-pem $@ $(D) $^
+$(O)/gen/crt/client-nopass.pem: $(O)/gen/crt/client.p12
+	./tool pkcs12-convert-p12-pem-nopass $@ $(D) $^
 CHAINS_PROD += $(O)/gen/crt/client.pem
+CHAINS_PROD += $(O)/gen/crt/client-nopass.pem
 
 ################################
 $(O)/gen/key/ca-untrusted-root.key:
diff --git a/certs/tool b/certs/tool
@@ -72,6 +72,13 @@ pkcs12-convert-p12-pem)
     -passout "pass:$DOMAIN" \
     -in $1
   ;;
+pkcs12-convert-p12-pem-nopass)
+  openssl pkcs12 \
+    -out $OUT \
+    -clcerts \
+    -passin "pass:$DOMAIN" \
+    -in $1
+  ;;
 self-sign)
   openssl x509  -req  -CAcreateserial \
     -out $OUT \
diff --git a/domains/misc/badssl.com/download/index.html b/domains/misc/badssl.com/download/index.html
@@ -22,7 +22,7 @@ <h2>Client Certificates</h2>
   <table>
     <thead>
       <td>Download</td>
-      <td>Password</td>
+      <td>Passphrase</td>
       <td>Format</td>
     </thead>
     <tbody>
@@ -36,6 +36,11 @@ <h2>Client Certificates</h2>
         <td><b><code>{{ site.domain }}</code></b></td>
         <td>PEM</td>
       </tr>
+      <tr>
+        <td><a href="/certs/{{ site.domain }}-client-nopass.pem">{{ site.domain }}-client-nopass.pem</a></td>
+        <td>&mdash;</td>
+        <td>PEM</td>
+      </tr>
     </tbody>
   </table>
 </div>
