Mercurial > hg > nginx-tests
comparison mail_ssl.t @ 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 09 Jul 2019 13:37:55 +0300 |
| parents | 918bf90466e0 |
| children | fd440d324700 |
comparison
equal
deleted
inserted
replaced
| 1487:fe0765147e15 | 1488:dbce8fb5f5f8 |
|---|---|
| 137 | 137 |
| 138 EOF | 138 EOF |
| 139 | 139 |
| 140 $t->write_file('openssl.conf', <<EOF); | 140 $t->write_file('openssl.conf', <<EOF); |
| 141 [ req ] | 141 [ req ] |
| 142 default_bits = 1024 | 142 default_bits = 2048 |
| 143 encrypt_key = no | 143 encrypt_key = no |
| 144 distinguished_name = req_distinguished_name | 144 distinguished_name = req_distinguished_name |
| 145 [ req_distinguished_name ] | 145 [ req_distinguished_name ] |
| 146 EOF | 146 EOF |
| 147 | 147 |
| 148 my $d = $t->testdir(); | 148 my $d = $t->testdir(); |
| 149 | 149 |
| 150 foreach my $name ('localhost', 'inherits') { | 150 foreach my $name ('localhost', 'inherits') { |
| 151 system("openssl genrsa -out $d/$name.key -passout pass:localhost " | 151 system("openssl genrsa -out $d/$name.key -passout pass:localhost " |
| 152 . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 | 152 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
| 153 or die "Can't create private key: $!\n"; | 153 or die "Can't create private key: $!\n"; |
| 154 system('openssl req -x509 -new ' | 154 system('openssl req -x509 -new ' |
| 155 . "-config $d/openssl.conf -subj /CN=$name/ " | 155 . "-config $d/openssl.conf -subj /CN=$name/ " |
| 156 . "-out $d/$name.crt " | 156 . "-out $d/$name.crt " |
| 157 . "-key $d/$name.key -passin pass:localhost" | 157 . "-key $d/$name.key -passin pass:localhost" |