Mercurial > hg > nginx-tests
comparison proxy_ssl_certificate.t @ 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 09 Jul 2019 13:37:55 +0300 |
parents | eadd24ccfda1 |
children | b5036a0f9ae0 |
comparison
equal
deleted
inserted
replaced
1487:fe0765147e15 | 1488:dbce8fb5f5f8 |
---|---|
98 | 98 |
99 EOF | 99 EOF |
100 | 100 |
101 $t->write_file('openssl.conf', <<EOF); | 101 $t->write_file('openssl.conf', <<EOF); |
102 [ req ] | 102 [ req ] |
103 default_bits = 1024 | 103 default_bits = 2048 |
104 encrypt_key = no | 104 encrypt_key = no |
105 distinguished_name = req_distinguished_name | 105 distinguished_name = req_distinguished_name |
106 [ req_distinguished_name ] | 106 [ req_distinguished_name ] |
107 EOF | 107 EOF |
108 | 108 |
116 or die "Can't create certificate for $name: $!\n"; | 116 or die "Can't create certificate for $name: $!\n"; |
117 } | 117 } |
118 | 118 |
119 foreach my $name ('3.example.com') { | 119 foreach my $name ('3.example.com') { |
120 system("openssl genrsa -out $d/$name.key -passout pass:$name " | 120 system("openssl genrsa -out $d/$name.key -passout pass:$name " |
121 . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 | 121 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
122 or die "Can't create private key: $!\n"; | 122 or die "Can't create private key: $!\n"; |
123 system('openssl req -x509 -new ' | 123 system('openssl req -x509 -new ' |
124 . "-config $d/openssl.conf -subj /CN=$name/ " | 124 . "-config $d/openssl.conf -subj /CN=$name/ " |
125 . "-out $d/$name.crt " | 125 . "-out $d/$name.crt " |
126 . "-key $d/$name.key -passin pass:$name" | 126 . "-key $d/$name.key -passin pass:$name" |