Mercurial > hg > nginx-tests
comparison ssl_certificates.t @ 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 09 Jul 2019 13:37:55 +0300 |
parents | 4e48bf51714f |
children | 0e1865aa9b33 |
comparison
equal
deleted
inserted
replaced
1487:fe0765147e15 | 1488:dbce8fb5f5f8 |
---|---|
68 | 68 |
69 EOF | 69 EOF |
70 | 70 |
71 $t->write_file('openssl.conf', <<EOF); | 71 $t->write_file('openssl.conf', <<EOF); |
72 [ req ] | 72 [ req ] |
73 default_bits = 1024 | 73 default_bits = 2048 |
74 encrypt_key = no | 74 encrypt_key = no |
75 distinguished_name = req_distinguished_name | 75 distinguished_name = req_distinguished_name |
76 [ req_distinguished_name ] | 76 [ req_distinguished_name ] |
77 EOF | 77 EOF |
78 | 78 |
79 my $d = $t->testdir(); | 79 my $d = $t->testdir(); |
80 | 80 |
81 system("openssl ecparam -genkey -out $d/ec.key -name prime256v1 " | 81 system("openssl ecparam -genkey -out $d/ec.key -name prime256v1 " |
82 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n"; | 82 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n"; |
83 system("openssl genrsa -out $d/rsa.key 1024 >>$d/openssl.out 2>&1") == 0 | 83 system("openssl genrsa -out $d/rsa.key 2048 >>$d/openssl.out 2>&1") == 0 |
84 or die "Can't create RSA pem: $!\n"; | 84 or die "Can't create RSA pem: $!\n"; |
85 | 85 |
86 foreach my $name ('ec', 'rsa') { | 86 foreach my $name ('ec', 'rsa') { |
87 system("openssl req -x509 -new -key $d/$name.key " | 87 system("openssl req -x509 -new -key $d/$name.key " |
88 . "-config $d/openssl.conf -subj /CN=$name/ " | 88 . "-config $d/openssl.conf -subj /CN=$name/ " |