Posted to test-commits@perl.apache.org by kb...@apache.org on 2015/09/27 15:05:35 UTC
svn commit: r1705534 - /perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm
Author: kbrand
Date: Sun Sep 27 13:05:34 2015
New Revision: 1705534
URL: http://svn.apache.org/viewvc?rev=1705534&view=rev
Log:
update key sizes and message digest to what is common in 2015
Modified:
perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm
Modified: perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm
URL: http://svn.apache.org/viewvc/perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm?rev=1705534&r1=1705533&r2=1705534&view=diff
==============================================================================
--- perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm (original)
+++ perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm Sun Sep 27 13:05:34 2015
@@ -46,6 +46,7 @@ my $cakey = 'keys/ca.pem';
my $cacert = 'certs/ca.crt';
my $capolicy = '-policy policy_anything';
my $cacrl = 'crl/ca-bundle.crl';
+my $dgst = 'sha256';
#we use the same password for everything
my $pass = 'httpd';
@@ -57,6 +58,12 @@ my $email_field = Apache::Test::normaliz
Apache::Test::normalize_vstring("0.9.7") ?
"Email" : "emailAddress";
+# downgrade to SHA-1 for OpenSSL before 0.9.8
+if (Apache::Test::normalize_vstring($version) <
+ Apache::Test::normalize_vstring("0.9.8")) {
+ $dgst = 'sha1';
+}
+
my $ca_dn = {
asf => {
C => 'US',
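Review bot: The downgrade in the added `if (Apache::Test::normalize_vstring($version) < ...)` block is silent, so a test run gives no sign that its certificates were signed with SHA-1. If `$version` comes from `version()`, whose visible fallback at the end of this diff is `return 0`, a failed version probe would presumably also take this branch on a modern OpenSSL; that is inferred, since the assignment of `$version` is outside the hunk. Consider reporting the choice inside the block, e.g. `warn "OpenSSL < 0.9.8 or version unknown: signing test certificates with SHA-1\n";`, and extending the comment to say that an undetected version also lands here.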
@@ -211,7 +218,7 @@ sub config_file {
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
-default_bits = 1024
+default_bits = 2048
output_password = $pass
[ req_distinguished_name ]
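Review bot: The `[ req ]` lines visible in this hunk gain `default_bits = 2048` but no `default_md`, so anything signed through `openssl req` (CSRs, and a self-signed CA certificate if it is produced with `req -x509`) still takes the OpenSSL build's own default digest, which on older releases is SHA-1. The section starts above the hunk, so confirm that no `default_md` is set earlier in it. If none is, adding `default_md = $dgst` next to `default_bits` would keep the request side consistent with the `[ CA_default ]` change in the next hunk.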
@@ -242,7 +249,7 @@ private_key = $cakey # The pr
default_days = 365 # how long to certify for
default_crl_days = 365 # how long before next CRL
-default_md = sha1 # which md to use.
+default_md = $dgst # which md to use.
preserve = no # keep passed DN ordering
[ policy_anything ]
@@ -305,12 +312,12 @@ sub new_key {
#this takes a long time so just do it once
#don't do this in real life
unless (-e 'dsa-param') {
- openssl dsaparam => '-inform PEM -out dsa-param 1024';
+ openssl dsaparam => '-inform PEM -out dsa-param 2048';
}
openssl gendsa => "dsa-param $out";
}
else {
- openssl genrsa => "$out 1024";
+ openssl genrsa => "$out 2048";
}
}
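Review bot: The `unless (-e 'dsa-param')` guard means a tree that already holds a 1024-bit `dsa-param` from an earlier run keeps reusing it, so the `2048` on the `dsaparam` line only takes effect in a fresh directory. Either note beside the guard that the generated CA directory must be removed after this change, or carry the size in the file name, e.g. `unless (-e 'dsa-param-2048')` with the same name in the `-out` and `gendsa` arguments. The literal 2048 now appears twice here and again as `default_bits` in config_file; a single `my $keysize = 2048;` declared beside `$dgst` would keep the three in step. new_key starts above the hunk.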
@@ -552,5 +559,9 @@ sub version {
return 0;
}
+sub dgst {
+ return $dgst;
+}
+
1;
__END__
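Review bot: The new `dgst` accessor has no comment, and its result depends on the OpenSSL version check made at load time, which a caller cannot tell from the name. A one-line comment above it would do, e.g. `# message digest used to sign the test certificates: 'sha256', or 'sha1' when OpenSSL is older than 0.9.8`. The neighbouring `version` sub is only partly visible, so whether the file documents such accessors elsewhere cannot be checked from this hunk.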