Mercurial > hg > nginx-tests
comparison mail_ssl.t @ 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 09 Jul 2019 13:37:55 +0300 |
parents | 918bf90466e0 |
children | fd440d324700 |
comparison
equal
deleted
inserted
replaced
1487:fe0765147e15 | 1488:dbce8fb5f5f8 |
---|---|
137 | 137 |
138 EOF | 138 EOF |
139 | 139 |
140 $t->write_file('openssl.conf', <<EOF); | 140 $t->write_file('openssl.conf', <<EOF); |
141 [ req ] | 141 [ req ] |
142 default_bits = 1024 | 142 default_bits = 2048 |
143 encrypt_key = no | 143 encrypt_key = no |
144 distinguished_name = req_distinguished_name | 144 distinguished_name = req_distinguished_name |
145 [ req_distinguished_name ] | 145 [ req_distinguished_name ] |
146 EOF | 146 EOF |
147 | 147 |
148 my $d = $t->testdir(); | 148 my $d = $t->testdir(); |
149 | 149 |
150 foreach my $name ('localhost', 'inherits') { | 150 foreach my $name ('localhost', 'inherits') { |
151 system("openssl genrsa -out $d/$name.key -passout pass:localhost " | 151 system("openssl genrsa -out $d/$name.key -passout pass:localhost " |
152 . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 | 152 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
153 or die "Can't create private key: $!\n"; | 153 or die "Can't create private key: $!\n"; |
154 system('openssl req -x509 -new ' | 154 system('openssl req -x509 -new ' |
155 . "-config $d/openssl.conf -subj /CN=$name/ " | 155 . "-config $d/openssl.conf -subj /CN=$name/ " |
156 . "-out $d/$name.crt " | 156 . "-out $d/$name.crt " |
157 . "-key $d/$name.key -passin pass:localhost" | 157 . "-key $d/$name.key -passin pass:localhost" |