Mercurial > hg > nginx-tests
comparison ssl_certificates.t @ 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 09 Jul 2019 13:37:55 +0300 |
| parents | 4e48bf51714f |
| children | 0e1865aa9b33 |
comparison
equal
deleted
inserted
replaced
| 1487:fe0765147e15 | 1488:dbce8fb5f5f8 |
|---|---|
| 68 | 68 |
| 69 EOF | 69 EOF |
| 70 | 70 |
| 71 $t->write_file('openssl.conf', <<EOF); | 71 $t->write_file('openssl.conf', <<EOF); |
| 72 [ req ] | 72 [ req ] |
| 73 default_bits = 1024 | 73 default_bits = 2048 |
| 74 encrypt_key = no | 74 encrypt_key = no |
| 75 distinguished_name = req_distinguished_name | 75 distinguished_name = req_distinguished_name |
| 76 [ req_distinguished_name ] | 76 [ req_distinguished_name ] |
| 77 EOF | 77 EOF |
| 78 | 78 |
| 79 my $d = $t->testdir(); | 79 my $d = $t->testdir(); |
| 80 | 80 |
| 81 system("openssl ecparam -genkey -out $d/ec.key -name prime256v1 " | 81 system("openssl ecparam -genkey -out $d/ec.key -name prime256v1 " |
| 82 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n"; | 82 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n"; |
| 83 system("openssl genrsa -out $d/rsa.key 1024 >>$d/openssl.out 2>&1") == 0 | 83 system("openssl genrsa -out $d/rsa.key 2048 >>$d/openssl.out 2>&1") == 0 |
| 84 or die "Can't create RSA pem: $!\n"; | 84 or die "Can't create RSA pem: $!\n"; |
| 85 | 85 |
| 86 foreach my $name ('ec', 'rsa') { | 86 foreach my $name ('ec', 'rsa') { |
| 87 system("openssl req -x509 -new -key $d/$name.key " | 87 system("openssl req -x509 -new -key $d/$name.key " |
| 88 . "-config $d/openssl.conf -subj /CN=$name/ " | 88 . "-config $d/openssl.conf -subj /CN=$name/ " |