Posted to test-commits@perl.apache.org by kb...@apache.org on 2015/09/27 15:05:35 UTC

svn commit: r1705534 - /perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm

Author: kbrand
Date: Sun Sep 27 13:05:34 2015
New Revision: 1705534

URL: http://svn.apache.org/viewvc?rev=1705534&view=rev
Log:
update key sizes and message digest to what is common in 2015

Modified:
    perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm

Modified: perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm
URL: http://svn.apache.org/viewvc/perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm?rev=1705534&r1=1705533&r2=1705534&view=diff
==============================================================================
--- perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm (original)
+++ perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm Sun Sep 27 13:05:34 2015
@@ -46,6 +46,7 @@ my $cakey    = 'keys/ca.pem';
 my $cacert   = 'certs/ca.crt';
 my $capolicy = '-policy policy_anything';
 my $cacrl    = 'crl/ca-bundle.crl';
+my $dgst     = 'sha256';
 
 #we use the same password for everything
 my $pass    = 'httpd';
@@ -57,6 +58,12 @@ my $email_field = Apache::Test::normaliz
                   Apache::Test::normalize_vstring("0.9.7") ?
                   "Email" : "emailAddress";
 
+# downgrade to SHA-1 for OpenSSL before 0.9.8
+if (Apache::Test::normalize_vstring($version) <
+    Apache::Test::normalize_vstring("0.9.8")) {
+    $dgst = 'sha1';
+}
+
 my $ca_dn = {
     asf => {
         C  => 'US',
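Review bot: The comment on the new version check says what is done but not why; a wording such as `# OpenSSL before 0.9.8 has no SHA-256 support, so fall back to SHA-1 there` would record the reason for the threshold. `$version` is assigned outside this hunk, and the `version` sub visible at the end of the diff ends in `return 0;`. If that value can reach this comparison, an undetected OpenSSL version would silently select SHA-1, so it may be worth downgrading only when a version was actually detected.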
@@ -211,7 +218,7 @@ sub config_file {
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes
 prompt                 = no
-default_bits           = 1024
+default_bits           = 2048
 output_password        = $pass
 
 [ req_distinguished_name ]
@@ -242,7 +249,7 @@ private_key      = $cakey       # The pr
 
 default_days     = 365          # how long to certify for
 default_crl_days = 365          # how long before next CRL
-default_md       = sha1         # which md to use.
+default_md       = $dgst        # which md to use.
 preserve         = no           # keep passed DN ordering
 
 [ policy_anything ]
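Review bot: The digest is only set through `default_md` in the CA section here, so certificate requests and any self-signed certificate produced by `openssl req` may still be signed with OpenSSL's built-in default digest, which on older releases is SHA-1. The `[ req ]` keys visible in the config_file hunk above (`default_bits`, `output_password`) show no `default_md`, though the top of that section lies outside the diff. If it is indeed absent, adding `default_md = $dgst` under `[ req ]` would keep the whole test chain on the same digest.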
@@ -305,12 +312,12 @@ sub new_key {
         #this takes a long time so just do it once
         #don't do this in real life
         unless (-e 'dsa-param') {
-            openssl dsaparam => '-inform PEM -out dsa-param 1024';
+            openssl dsaparam => '-inform PEM -out dsa-param 2048';
         }
         openssl gendsa => "dsa-param $out";
     }
     else {
-        openssl genrsa => "$out 1024";
+        openssl genrsa => "$out 2048";
     }
 }
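Review bot: The `unless (-e 'dsa-param')` guard reuses whatever parameter file is already on disk, so a working directory left over from a run before this change would keep producing 1024-bit DSA keys even though the command now asks for 2048. Putting the size in the file name, for example `unless (-e 'dsa-param-2048')` with the matching `-out` and `gendsa` arguments, would avoid that silent reuse. The literal 2048 also appears three times in this commit (`default_bits`, `dsaparam`, `genrsa`); a single file-level variable, as was done for `$dgst`, would keep them in step. new_key's body starts outside the hunk.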
 
@@ -552,5 +559,9 @@ sub version {
     return 0;
 }
 
+sub dgst {
+    return $dgst;
+}
+
 1;
 __END__
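Review bot: The new `dgst` accessor has no comment saying what it returns or who is expected to call it. A line above the sub such as `# name of the message digest used for signing: 'sha256', or 'sha1' with OpenSSL before 0.9.8` would let test authors rely on it instead of hard-coding a digest name in their expectations.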