Mercurial > hg > nginx-tests
comparison stream_ssl.t @ 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 09 Jul 2019 13:37:55 +0300 |
parents | 0af58b78df35 |
children | f3ba4c74de31 |
comparison
equal
deleted
inserted
replaced
1487:fe0765147e15 | 1488:dbce8fb5f5f8 |
---|---|
90 | 90 |
91 EOF | 91 EOF |
92 | 92 |
93 $t->write_file('openssl.conf', <<EOF); | 93 $t->write_file('openssl.conf', <<EOF); |
94 [ req ] | 94 [ req ] |
95 default_bits = 1024 | 95 default_bits = 2048 |
96 encrypt_key = no | 96 encrypt_key = no |
97 distinguished_name = req_distinguished_name | 97 distinguished_name = req_distinguished_name |
98 [ req_distinguished_name ] | 98 [ req_distinguished_name ] |
99 EOF | 99 EOF |
100 | 100 |
101 my $d = $t->testdir(); | 101 my $d = $t->testdir(); |
102 mkfifo("$d/password_fifo", 0700); | 102 mkfifo("$d/password_fifo", 0700); |
103 | 103 |
104 foreach my $name ('localhost', 'inherits') { | 104 foreach my $name ('localhost', 'inherits') { |
105 system("openssl genrsa -out $d/$name.key -passout pass:$name " | 105 system("openssl genrsa -out $d/$name.key -passout pass:$name " |
106 . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 | 106 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
107 or die "Can't create private key: $!\n"; | 107 or die "Can't create private key: $!\n"; |
108 system('openssl req -x509 -new ' | 108 system('openssl req -x509 -new ' |
109 . "-config $d/openssl.conf -subj /CN=$name/ " | 109 . "-config $d/openssl.conf -subj /CN=$name/ " |
110 . "-out $d/$name.crt " | 110 . "-out $d/$name.crt " |
111 . "-key $d/$name.key -passin pass:$name" | 111 . "-key $d/$name.key -passin pass:$name" |