Mercurial > hg > nginx-tests
comparison stream_ssl_certificate.t @ 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 09 Jul 2019 13:37:55 +0300 |
| parents | 889283abadf8 |
| children | 144c6ce732e4 |
comparison
equal
deleted
inserted
replaced
| 1487:fe0765147e15 | 1488:dbce8fb5f5f8 |
|---|---|
| 115 | 115 |
| 116 EOF | 116 EOF |
| 117 | 117 |
| 118 $t->write_file('openssl.conf', <<EOF); | 118 $t->write_file('openssl.conf', <<EOF); |
| 119 [ req ] | 119 [ req ] |
| 120 default_bits = 1024 | 120 default_bits = 2048 |
| 121 encrypt_key = no | 121 encrypt_key = no |
| 122 distinguished_name = req_distinguished_name | 122 distinguished_name = req_distinguished_name |
| 123 [ req_distinguished_name ] | 123 [ req_distinguished_name ] |
| 124 EOF | 124 EOF |
| 125 | 125 |
| 133 or die "Can't create certificate for $name: $!\n"; | 133 or die "Can't create certificate for $name: $!\n"; |
| 134 } | 134 } |
| 135 | 135 |
| 136 foreach my $name ('pass') { | 136 foreach my $name ('pass') { |
| 137 system("openssl genrsa -out $d/$name.key -passout pass:pass " | 137 system("openssl genrsa -out $d/$name.key -passout pass:pass " |
| 138 . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 | 138 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
| 139 or die "Can't create $name key: $!\n"; | 139 or die "Can't create $name key: $!\n"; |
| 140 system("openssl req -x509 -new -config $d/openssl.conf " | 140 system("openssl req -x509 -new -config $d/openssl.conf " |
| 141 . "-subj /CN=$name/ -out $d/$name.crt -key $d/$name.key " | 141 . "-subj /CN=$name/ -out $d/$name.crt -key $d/$name.key " |
| 142 . "-passin pass:pass >>$d/openssl.out 2>&1") == 0 | 142 . "-passin pass:pass >>$d/openssl.out 2>&1") == 0 |
| 143 or die "Can't create $name certificate: $!\n"; | 143 or die "Can't create $name certificate: $!\n"; |