Mercurial > hg > nginx-tests
comparison ssl_engine_keys.t @ 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 09 Jul 2019 13:37:55 +0300 |
parents | 44973a23b031 |
children | 144c6ce732e4 |
comparison
equal
deleted
inserted
replaced
1487:fe0765147e15 | 1488:dbce8fb5f5f8 |
---|---|
104 MODULE_PATH = /usr/local/lib/softhsm/libsofthsm.so | 104 MODULE_PATH = /usr/local/lib/softhsm/libsofthsm.so |
105 init = 1 | 105 init = 1 |
106 PIN = 1234 | 106 PIN = 1234 |
107 | 107 |
108 [ req ] | 108 [ req ] |
109 default_bits = 1024 | 109 default_bits = 2048 |
110 encrypt_key = no | 110 encrypt_key = no |
111 distinguished_name = req_distinguished_name | 111 distinguished_name = req_distinguished_name |
112 [ req_distinguished_name ] | 112 [ req_distinguished_name ] |
113 EOF | 113 EOF |
114 | 114 |
125 system('softhsm --init-token --slot 0 --label "NginxZero" ' | 125 system('softhsm --init-token --slot 0 --label "NginxZero" ' |
126 . '--pin 1234 --so-pin 1234 ' | 126 . '--pin 1234 --so-pin 1234 ' |
127 . ">>$d/openssl.out 2>&1"); | 127 . ">>$d/openssl.out 2>&1"); |
128 | 128 |
129 system('pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm.so ' | 129 system('pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm.so ' |
130 . '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:1024 ' | 130 . '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:2048 ' |
131 . ">>$d/openssl.out 2>&1"); | 131 . ">>$d/openssl.out 2>&1"); |
132 | 132 |
133 system('openssl req -x509 -new -engine pkcs11 ' | 133 system('openssl req -x509 -new -engine pkcs11 ' |
134 . "-config $d/openssl.conf -subj /CN=$name/ " | 134 . "-config $d/openssl.conf -subj /CN=$name/ " |
135 . "-out $d/$name.crt -keyform engine -text -key id_00 " | 135 . "-out $d/$name.crt -keyform engine -text -key id_00 " |