Mercurial > hg > nginx-tests
comparison stream_proxy_ssl_certificate.t @ 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 09 Jul 2019 13:37:55 +0300 |
| parents | eadd24ccfda1 |
| children | f3ba4c74de31 |
comparison
equal
deleted
inserted
replaced
| 1487:fe0765147e15 | 1488:dbce8fb5f5f8 |
|---|---|
| 102 | 102 |
| 103 EOF | 103 EOF |
| 104 | 104 |
| 105 $t->write_file('openssl.conf', <<EOF); | 105 $t->write_file('openssl.conf', <<EOF); |
| 106 [ req ] | 106 [ req ] |
| 107 default_bits = 1024 | 107 default_bits = 2048 |
| 108 encrypt_key = no | 108 encrypt_key = no |
| 109 distinguished_name = req_distinguished_name | 109 distinguished_name = req_distinguished_name |
| 110 [ req_distinguished_name ] | 110 [ req_distinguished_name ] |
| 111 EOF | 111 EOF |
| 112 | 112 |
| 120 or die "Can't create certificate for $name: $!\n"; | 120 or die "Can't create certificate for $name: $!\n"; |
| 121 } | 121 } |
| 122 | 122 |
| 123 foreach my $name ('3.example.com') { | 123 foreach my $name ('3.example.com') { |
| 124 system("openssl genrsa -out $d/$name.key -passout pass:$name " | 124 system("openssl genrsa -out $d/$name.key -passout pass:$name " |
| 125 . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 | 125 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
| 126 or die "Can't create private key: $!\n"; | 126 or die "Can't create private key: $!\n"; |
| 127 system('openssl req -x509 -new ' | 127 system('openssl req -x509 -new ' |
| 128 . "-config $d/openssl.conf -subj /CN=$name/ " | 128 . "-config $d/openssl.conf -subj /CN=$name/ " |
| 129 . "-out $d/$name.crt " | 129 . "-out $d/$name.crt " |
| 130 . "-key $d/$name.key -passin pass:$name" | 130 . "-key $d/$name.key -passin pass:$name" |