Mercurial > hg > nginx-tests
changeset 1488:dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
This updates minimum requirements to 2048 bit RSA keys and SHA-2 message digest.
line wrap: on
line diff
--- a/grpc_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/grpc_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -103,7 +103,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -121,7 +121,7 @@ foreach my $name ('client') { system("openssl genrsa -out $d/$name.key -passout pass:$name " - . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 + . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 or die "Can't create private key: $!\n"; system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ "
--- a/h2_proxy_request_buffering_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/h2_proxy_request_buffering_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -82,7 +82,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/h2_proxy_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/h2_proxy_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -57,7 +57,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/h2_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/h2_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -56,7 +56,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/h2_ssl_proxy_cache.t Wed Jun 19 15:07:29 2019 +0300 +++ b/h2_ssl_proxy_cache.t Tue Jul 09 13:37:55 2019 +0300 @@ -70,7 +70,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/h2_ssl_variables.t Wed Jun 19 15:07:29 2019 +0300 +++ b/h2_ssl_variables.t Tue Jul 09 13:37:55 2019 +0300 @@ -69,7 +69,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/h2_ssl_verify_client.t Wed Jun 19 15:07:29 2019 +0300 +++ b/h2_ssl_verify_client.t Tue Jul 09 13:37:55 2019 +0300 @@ -73,7 +73,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/mail_capability.t Wed Jun 19 15:07:29 2019 +0300 +++ b/mail_capability.t Tue Jul 09 13:37:55 2019 +0300 @@ -103,7 +103,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/mail_imap_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/mail_imap_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -119,7 +119,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/mail_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/mail_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -139,7 +139,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -149,7 +149,7 @@ foreach my $name ('localhost', 'inherits') { system("openssl genrsa -out $d/$name.key -passout pass:localhost " - . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 + . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 or die "Can't create private key: $!\n"; system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ "
--- a/proxy_if.t Wed Jun 19 15:07:29 2019 +0300 +++ b/proxy_if.t Tue Jul 09 13:37:55 2019 +0300 @@ -158,7 +158,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/proxy_request_buffering_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/proxy_request_buffering_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -97,7 +97,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/proxy_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/proxy_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -79,7 +79,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/proxy_ssl_certificate.t Wed Jun 19 15:07:29 2019 +0300 +++ b/proxy_ssl_certificate.t Tue Jul 09 13:37:55 2019 +0300 @@ -100,7 +100,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -118,7 +118,7 @@ foreach my $name ('3.example.com') { system("openssl genrsa -out $d/$name.key -passout pass:$name " - . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 + . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 or die "Can't create private key: $!\n"; system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ "
--- a/proxy_ssl_keepalive.t Wed Jun 19 15:07:29 2019 +0300 +++ b/proxy_ssl_keepalive.t Tue Jul 09 13:37:55 2019 +0300 @@ -73,7 +73,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/proxy_ssl_name.t Wed Jun 19 15:07:29 2019 +0300 +++ b/proxy_ssl_name.t Tue Jul 09 13:37:55 2019 +0300 @@ -116,7 +116,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/proxy_ssl_verify.t Wed Jun 19 15:07:29 2019 +0300 +++ b/proxy_ssl_verify.t Tue Jul 09 13:37:55 2019 +0300 @@ -109,7 +109,7 @@ $t->write_file('openssl.1.example.com.conf', <<EOF); [ req ] prompt = no -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name x509_extensions = v3_req @@ -124,7 +124,7 @@ $t->write_file('openssl.2.example.com.conf', <<EOF); [ req ] prompt = no -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name
--- a/ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -151,7 +151,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -166,7 +166,7 @@ [ myca ] new_certs_dir = $d database = $d/certindex -default_md = sha1 +default_md = sha256 policy = myca_policy serial = $d/certserial default_days = 3
--- a/ssl_certificate.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_certificate.t Tue Jul 09 13:37:55 2019 +0300 @@ -134,7 +134,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -152,7 +152,7 @@ foreach my $name ('pass') { system("openssl genrsa -out $d/$name.key -passout pass:pass " - . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 + . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 or die "Can't create $name key: $!\n"; system("openssl req -x509 -new -config $d/openssl.conf " . "-subj /CN=$name/ -out $d/$name.crt -key $d/$name.key "
--- a/ssl_certificate_chain.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_certificate_chain.t Tue Jul 09 13:37:55 2019 +0300 @@ -73,7 +73,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -86,7 +86,7 @@ [ myca ] new_certs_dir = $d database = $d/certindex -default_md = sha1 +default_md = sha256 policy = myca_policy serial = $d/certserial default_days = 1
--- a/ssl_certificate_perl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_certificate_perl.t Tue Jul 09 13:37:55 2019 +0300 @@ -81,7 +81,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/ssl_certificates.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_certificates.t Tue Jul 09 13:37:55 2019 +0300 @@ -70,7 +70,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -80,7 +80,7 @@ system("openssl ecparam -genkey -out $d/ec.key -name prime256v1 " . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n"; -system("openssl genrsa -out $d/rsa.key 1024 >>$d/openssl.out 2>&1") == 0 +system("openssl genrsa -out $d/rsa.key 2048 >>$d/openssl.out 2>&1") == 0 or die "Can't create RSA pem: $!\n"; foreach my $name ('ec', 'rsa') {
--- a/ssl_client_escaped_cert.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_client_escaped_cert.t Tue Jul 09 13:37:55 2019 +0300 @@ -63,7 +63,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/ssl_crl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_crl.t Tue Jul 09 13:37:55 2019 +0300 @@ -81,7 +81,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -94,7 +94,7 @@ [ myca ] new_certs_dir = $d database = $d/certindex -default_md = sha1 +default_md = sha256 policy = myca_policy serial = $d/certserial default_days = 1
--- a/ssl_engine_keys.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_engine_keys.t Tue Jul 09 13:37:55 2019 +0300 @@ -106,7 +106,7 @@ PIN = 1234 [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -127,7 +127,7 @@ . ">>$d/openssl.out 2>&1"); system('pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm.so ' - . '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:1024 ' + . '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:2048 ' . ">>$d/openssl.out 2>&1"); system('openssl req -x509 -new -engine pkcs11 '
--- a/ssl_password_file.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_password_file.t Tue Jul 09 13:37:55 2019 +0300 @@ -92,7 +92,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -103,7 +103,7 @@ foreach my $name ('localhost', 'inherits') { system("openssl genrsa -out $d/$name.key -passout pass:$name " - . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 + . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 or die "Can't create private key: $!\n"; system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ "
--- a/ssl_proxy_protocol.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_proxy_protocol.t Tue Jul 09 13:37:55 2019 +0300 @@ -76,7 +76,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/ssl_proxy_upgrade.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_proxy_upgrade.t Tue Jul 09 13:37:55 2019 +0300 @@ -72,7 +72,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/ssl_sni.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_sni.t Tue Jul 09 13:37:55 2019 +0300 @@ -100,7 +100,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/ssl_sni_reneg.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_sni_reneg.t Tue Jul 09 13:37:55 2019 +0300 @@ -76,7 +76,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/ssl_sni_sessions.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_sni_sessions.t Tue Jul 09 13:37:55 2019 +0300 @@ -106,7 +106,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/ssl_stapling.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_stapling.t Tue Jul 09 13:37:55 2019 +0300 @@ -124,7 +124,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -137,7 +137,7 @@ [ myca ] new_certs_dir = $d database = $d/certindex -default_md = sha1 +default_md = sha256 policy = myca_policy serial = $d/certserial default_days = 1
--- a/ssl_verify_client.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_verify_client.t Tue Jul 09 13:37:55 2019 +0300 @@ -116,7 +116,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/ssl_verify_depth.t Wed Jun 19 15:07:29 2019 +0300 +++ b/ssl_verify_depth.t Tue Jul 09 13:37:55 2019 +0300 @@ -63,7 +63,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -76,7 +76,7 @@ [ myca ] new_certs_dir = $d database = $d/certindex -default_md = sha1 +default_md = sha256 policy = myca_policy serial = $d/certserial default_days = 1
--- a/stream_proxy_protocol_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_proxy_protocol_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -59,7 +59,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/stream_proxy_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_proxy_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -83,7 +83,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/stream_proxy_ssl_certificate.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_proxy_ssl_certificate.t Tue Jul 09 13:37:55 2019 +0300 @@ -104,7 +104,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -122,7 +122,7 @@ foreach my $name ('3.example.com') { system("openssl genrsa -out $d/$name.key -passout pass:$name " - . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 + . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 or die "Can't create private key: $!\n"; system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ "
--- a/stream_proxy_ssl_name.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_proxy_ssl_name.t Tue Jul 09 13:37:55 2019 +0300 @@ -101,7 +101,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/stream_proxy_ssl_name_complex.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_proxy_ssl_name_complex.t Tue Jul 09 13:37:55 2019 +0300 @@ -62,7 +62,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/stream_proxy_ssl_verify.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_proxy_ssl_verify.t Tue Jul 09 13:37:55 2019 +0300 @@ -111,7 +111,7 @@ $t->write_file('openssl.1.example.com.conf', <<EOF); [ req ] prompt = no -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name x509_extensions = v3_req @@ -126,7 +126,7 @@ $t->write_file('openssl.2.example.com.conf', <<EOF); [ req ] prompt = no -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name
--- a/stream_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -92,7 +92,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -103,7 +103,7 @@ foreach my $name ('localhost', 'inherits') { system("openssl genrsa -out $d/$name.key -passout pass:$name " - . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 + . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 or die "Can't create private key: $!\n"; system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ "
--- a/stream_ssl_certificate.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_ssl_certificate.t Tue Jul 09 13:37:55 2019 +0300 @@ -117,7 +117,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] @@ -135,7 +135,7 @@ foreach my $name ('pass') { system("openssl genrsa -out $d/$name.key -passout pass:pass " - . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 + . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 or die "Can't create $name key: $!\n"; system("openssl req -x509 -new -config $d/openssl.conf " . "-subj /CN=$name/ -out $d/$name.crt -key $d/$name.key "
--- a/stream_ssl_preread.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_ssl_preread.t Tue Jul 09 13:37:55 2019 +0300 @@ -126,7 +126,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/stream_ssl_preread_alpn.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_ssl_preread_alpn.t Tue Jul 09 13:37:55 2019 +0300 @@ -86,7 +86,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/stream_ssl_realip.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_ssl_realip.t Tue Jul 09 13:37:55 2019 +0300 @@ -84,7 +84,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/stream_ssl_variables.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_ssl_variables.t Tue Jul 09 13:37:55 2019 +0300 @@ -73,7 +73,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/stream_ssl_verify_client.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_ssl_verify_client.t Tue Jul 09 13:37:55 2019 +0300 @@ -92,7 +92,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/stream_upstream_zone_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/stream_upstream_zone_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -86,7 +86,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]
--- a/upstream_zone_ssl.t Wed Jun 19 15:07:29 2019 +0300 +++ b/upstream_zone_ssl.t Tue Jul 09 13:37:55 2019 +0300 @@ -89,7 +89,7 @@ $t->write_file('openssl.conf', <<EOF); [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ]