ruby-changes:53932
From: normal <ko1@a...>
Date: Mon, 3 Dec 2018 13:51:13 +0900 (JST)
Subject: [ruby-changes:53932] normal:r66152 (trunk): webrick: fix tests on Debian sid/unstable with OpenSSL 1.1.1a
normal 2018-12-03 13:51:08 +0900 (Mon, 03 Dec 2018) New Revision: 66152 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=66152 Log: webrick: fix tests on Debian sid/unstable with OpenSSL 1.1.1a OpenSSL complains abour our keys being small and weak :< Make them big and strong with 2048-bit RSA keys and SHA256 digests Modified files: trunk/lib/webrick/ssl.rb trunk/test/webrick/test_httpproxy.rb Index: lib/webrick/ssl.rb =================================================================== --- lib/webrick/ssl.rb (revision 66151) +++ lib/webrick/ssl.rb (revision 66152) @@ -130,7 +130,7 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/ssl.rb#L130 aki = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always") cert.add_extension(aki) - cert.sign(rsa, OpenSSL::Digest::SHA1.new) + cert.sign(rsa, OpenSSL::Digest::SHA256.new) return [ cert, rsa ] end @@ -181,7 +181,7 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/ssl.rb#L181 unless config[:SSLCertificate] cn = config[:SSLCertName] comment = config[:SSLCertComment] - cert, key = Utils::create_self_signed_cert(1024, cn, comment) + cert, key = Utils::create_self_signed_cert(2048, cn, comment) config[:SSLCertificate] = cert config[:SSLPrivateKey] = key end Index: test/webrick/test_httpproxy.rb =================================================================== --- test/webrick/test_httpproxy.rb (revision 66151) +++ test/webrick/test_httpproxy.rb (revision 66152) @@ -230,7 +230,7 @@ class TestWEBrickHTTPProxy < Test::Unit: https://github.com/ruby/ruby/blob/trunk/test/webrick/test_httpproxy.rb#L230 cert.not_after = Time.now + 3600 ef = OpenSSL::X509::ExtensionFactory.new(cert, cert) exts.each {|args| cert.add_extension(ef.create_extension(*args)) } - cert.sign(key, "sha1") + cert.sign(key, "sha256") return cert end if defined?(OpenSSL::SSL) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/