Mercurial > hg > nginx-tests
comparison ssl_password_file.t @ 423:1ac74b568503
Tests: unbreak ssl_password_file.t with upcoming OpenSSL 1.0.2.
The 512-bit keys, as generated by default by "openssl genrsa" in older
versions, are rejected by OpenSSL library built from master branch (and
upcoming OpenSSL 1.0.2). This brokes the test if the "openssl" binary
is old (e.g., system one), but nginx is compiled against new OpenSSL.
Fix is to explicitly generate 2048 bit keys. This is also consistent to
what we generate in other places.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 03 Jul 2014 05:47:37 +0400 |
| parents | e8db4355fe0b |
| children | a82b02635614 |
comparison
equal
deleted
inserted
replaced
| 422:ddc4b1011333 | 423:1ac74b568503 |
|---|---|
| 94 | 94 |
| 95 my $d = $t->testdir(); | 95 my $d = $t->testdir(); |
| 96 mkfifo("$d/password_fifo", 0700); | 96 mkfifo("$d/password_fifo", 0700); |
| 97 | 97 |
| 98 foreach my $name ('localhost', 'inherits') { | 98 foreach my $name ('localhost', 'inherits') { |
| 99 system("openssl genrsa -out $d/$name.key -passout pass:$name " | 99 system("openssl genrsa -out $d/$name.key -passout pass:$name 2048 " |
| 100 . ">>$d/openssl.out 2>&1") == 0 | 100 . ">>$d/openssl.out 2>&1") == 0 |
| 101 or die "Can't create private key: $!\n"; | 101 or die "Can't create private key: $!\n"; |
| 102 system('openssl req -x509 -new ' | 102 system('openssl req -x509 -new ' |
| 103 . "-config '$d/openssl.conf' -subj '/CN=$name/' " | 103 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
| 104 . "-out '$d/$name.crt' " | 104 . "-out '$d/$name.crt' " |