Mercurial > hg > nginx-tests
comparison ssl_engine_keys.t @ 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 09 Jul 2019 13:37:55 +0300 |
| parents | 44973a23b031 |
| children | 144c6ce732e4 |
comparison
equal
deleted
inserted
replaced
| 1487:fe0765147e15 | 1488:dbce8fb5f5f8 |
|---|---|
| 104 MODULE_PATH = /usr/local/lib/softhsm/libsofthsm.so | 104 MODULE_PATH = /usr/local/lib/softhsm/libsofthsm.so |
| 105 init = 1 | 105 init = 1 |
| 106 PIN = 1234 | 106 PIN = 1234 |
| 107 | 107 |
| 108 [ req ] | 108 [ req ] |
| 109 default_bits = 1024 | 109 default_bits = 2048 |
| 110 encrypt_key = no | 110 encrypt_key = no |
| 111 distinguished_name = req_distinguished_name | 111 distinguished_name = req_distinguished_name |
| 112 [ req_distinguished_name ] | 112 [ req_distinguished_name ] |
| 113 EOF | 113 EOF |
| 114 | 114 |
| 125 system('softhsm --init-token --slot 0 --label "NginxZero" ' | 125 system('softhsm --init-token --slot 0 --label "NginxZero" ' |
| 126 . '--pin 1234 --so-pin 1234 ' | 126 . '--pin 1234 --so-pin 1234 ' |
| 127 . ">>$d/openssl.out 2>&1"); | 127 . ">>$d/openssl.out 2>&1"); |
| 128 | 128 |
| 129 system('pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm.so ' | 129 system('pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm.so ' |
| 130 . '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:1024 ' | 130 . '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:2048 ' |
| 131 . ">>$d/openssl.out 2>&1"); | 131 . ">>$d/openssl.out 2>&1"); |
| 132 | 132 |
| 133 system('openssl req -x509 -new -engine pkcs11 ' | 133 system('openssl req -x509 -new -engine pkcs11 ' |
| 134 . "-config $d/openssl.conf -subj /CN=$name/ " | 134 . "-config $d/openssl.conf -subj /CN=$name/ " |
| 135 . "-out $d/$name.crt -keyform engine -text -key id_00 " | 135 . "-out $d/$name.crt -keyform engine -text -key id_00 " |