Mercurial > hg > nginx-tests
comparison stream_ssl_certificate.t @ 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 09 Jul 2019 13:37:55 +0300 |
parents | 889283abadf8 |
children | 144c6ce732e4 |
comparison
equal
deleted
inserted
replaced
1487:fe0765147e15 | 1488:dbce8fb5f5f8 |
---|---|
115 | 115 |
116 EOF | 116 EOF |
117 | 117 |
118 $t->write_file('openssl.conf', <<EOF); | 118 $t->write_file('openssl.conf', <<EOF); |
119 [ req ] | 119 [ req ] |
120 default_bits = 1024 | 120 default_bits = 2048 |
121 encrypt_key = no | 121 encrypt_key = no |
122 distinguished_name = req_distinguished_name | 122 distinguished_name = req_distinguished_name |
123 [ req_distinguished_name ] | 123 [ req_distinguished_name ] |
124 EOF | 124 EOF |
125 | 125 |
133 or die "Can't create certificate for $name: $!\n"; | 133 or die "Can't create certificate for $name: $!\n"; |
134 } | 134 } |
135 | 135 |
136 foreach my $name ('pass') { | 136 foreach my $name ('pass') { |
137 system("openssl genrsa -out $d/$name.key -passout pass:pass " | 137 system("openssl genrsa -out $d/$name.key -passout pass:pass " |
138 . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 | 138 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
139 or die "Can't create $name key: $!\n"; | 139 or die "Can't create $name key: $!\n"; |
140 system("openssl req -x509 -new -config $d/openssl.conf " | 140 system("openssl req -x509 -new -config $d/openssl.conf " |
141 . "-subj /CN=$name/ -out $d/$name.crt -key $d/$name.key " | 141 . "-subj /CN=$name/ -out $d/$name.crt -key $d/$name.key " |
142 . "-passin pass:pass >>$d/openssl.out 2>&1") == 0 | 142 . "-passin pass:pass >>$d/openssl.out 2>&1") == 0 |
143 or die "Can't create $name certificate: $!\n"; | 143 or die "Can't create $name certificate: $!\n"; |