ruby-changes:55863
From: Yusuke <ko1@a...>
Date: Mon, 27 May 2019 13:00:42 +0900 (JST)
Subject: [ruby-changes:55863] Yusuke Endoh: 43730256e8 (trunk): open-uri: Regenerate server certificates for tests
https://git.ruby-lang.org/ruby.git/commit/?id=43730256e8 From 43730256e800dd8e0c5cc482e9861868590ae037 Mon Sep 17 00:00:00 2001 From: Yusuke Endoh <mame@r...> Date: Mon, 27 May 2019 12:58:08 +0900 Subject: open-uri: Regenerate server certificates for tests OpenSSL 1.1.1 requires 2048 bits or more. This change will fix: https://rubyci.org/logs/rubyci.s3.amazonaws.com/debian/ruby-master/log/20190527T003004Z.fail.html.gz#test%2Fopen-uri diff --git a/test/open-uri/test_ssl.rb b/test/open-uri/test_ssl.rb index 948cb6a..3371396 100644 --- a/test/open-uri/test_ssl.rb +++ b/test/open-uri/test_ssl.rb @@ -175,18 +175,18 @@ class TestOpenURISSL https://github.com/ruby/ruby/blob/trunk/test/open-uri/test_ssl.rb#L175 end if defined?(OpenSSL::SSL) if defined?(OpenSSL::SSL) -# cp /etc/ssl/openssl.cnf . # I copied from OpenSSL 1.0.2h source +# cp /etc/ssl/openssl.cnf . # I copied from OpenSSL 1.1.1b source # mkdir demoCA demoCA/private demoCA/newcerts # touch demoCA/index.txt # echo 00 > demoCA/serial -# openssl genrsa -des3 -out demoCA/private/cakey.pem 1024 +# openssl genrsa -des3 -out demoCA/private/cakey.pem 2048 # openssl req -new -key demoCA/private/cakey.pem -out demoCA/careq.pem -subj "/C=JP/ST=Tokyo/O=RubyTest/CN=Ruby Test CA" # # basicConstraints=CA:TRUE is required; the default openssl.cnf has it in [v3_ca] # openssl ca -config openssl.cnf -extensions v3_ca -out demoCA/cacert.pem -startdate 090101000000Z -enddate 491231235959Z -batch -keyfile demoCA/private/cakey.pem -selfsign -infiles demoCA/careq.pem # mkdir server -# openssl genrsa -des3 -out server/server.key 1024 +# openssl genrsa -des3 -out server/server.key 2048 # openssl req -new -key server/server.key -out server/csr.pem -subj "/C=JP/ST=Tokyo/O=RubyTest/CN=127.0.0.1" # openssl ca -config openssl.cnf -startdate 090101000000Z -enddate 491231235959Z -in server/csr.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out server/cert.pem @@ -199,7 +199,7 @@ Certificate: https://github.com/ruby/ruby/blob/trunk/test/open-uri/test_ssl.rb#L199 Data: Version: 3 (0x2) Serial Number: 0 (0x0) - Signature Algorithm: sha256WithRSAEncryption + Signature Algorithm: sha256WithRSAEncryption Issuer: C=JP, ST=Tokyo, O=RubyTest, CN=Ruby Test CA Validity Not Before: Jan 1 00:00:00 2009 GMT @@ -207,49 +207,70 @@ Certificate: https://github.com/ruby/ruby/blob/trunk/test/open-uri/test_ssl.rb#L207 Subject: C=JP, ST=Tokyo, O=RubyTest, CN=Ruby Test CA Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + RSA Public-Key: (2048 bit) Modulus: - 00:be:74:41:33:c9:1b:e1:12:78:6b:b4:52:2e:ae: - b6:e2:1e:58:65:57:2d:cb:07:3f:91:c9:53:7a:e7: - 2e:68:2c:0c:5d:8b:16:a7:42:4a:5c:6f:c7:aa:44: - ff:6d:c6:d7:49:0e:b1:5d:03:5b:51:ce:d5:cc:cd: - ab:69:cc:c2:43:76:b1:b2:30:3b:e7:f6:1f:3e:35: - 1d:21:75:41:96:eb:84:a0:34:6f:a4:5d:70:a2:b2: - d5:fe:b9:45:47:a1:e8:ca:e3:b7:bb:4d:37:1c:f3: - 96:d4:2d:80:85:cd:8e:31:96:53:92:a0:fe:e4:4c: - 16:47:5e:c8:27:32:70:a8:6b + 00:ad:f3:4d:5b:0b:01:54:cc:86:36:d1:93:6b:33: + 56:25:90:61:d6:9a:a0:f4:24:20:ee:c8:14:ab:0f: + 4b:89:d8:7c:bb:c0:f8:7f:fb:e9:a2:d5:1c:6b:6f: + dc:5c:23:b1:49:aa:2c:e8:ca:43:48:64:69:4b:8a: + bd:44:57:9b:14:d9:7a:b2:49:00:d6:c2:74:67:62: + 52:1d:a9:32:df:fe:7a:22:20:49:83:e1:cb:3d:dc: + 1a:2a:f0:36:20:c1:e8:c8:89:d4:51:1a:68:91:20: + e0:ba:67:0a:b2:6b:f8:e3:8c:f5:ee:a1:36:b1:89: + ec:23:b6:f2:39:a9:b9:2e:ea:de:d9:86:e5:42:11: + 46:ed:10:9a:90:76:44:4e:4d:49:2d:49:e8:e3:cb: + ff:7a:7d:80:cb:bf:c4:c3:69:ba:9c:60:4a:de:af: + bf:26:78:b8:fb:46:d1:37:d0:89:ba:78:93:6a:37: + a5:e9:58:e7:e2:e3:7d:7c:95:20:79:41:56:15:cd: + b2:c6:3b:e1:b7:e7:ba:47:60:9a:05:b1:07:f3:26: + 72:9d:3b:1b:02:18:3d:d5:de:e6:e9:30:a9:b5:8f: + 15:1b:40:f9:64:61:54:d3:53:e8:c4:29:4a:89:f3: + e5:0d:fd:16:61:ee:f2:6d:8a:45:a8:34:7e:53:46: + 8e:87 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 71:DB:DC:BA:F6:7F:75:31:7A:ED:AB:8B:48:93:86:94:1A:FF:30:58 + A0:7E:0B:AD:A3:AD:37:D7:21:0B:75:6F:8A:90:5F:8C:C9:69:DF:98 X509v3 Authority Key Identifier: - keyid:71:DB:DC:BA:F6:7F:75:31:7A:ED:AB:8B:48:93:86:94:1A:FF:30:58 + keyid:A0:7E:0B:AD:A3:AD:37:D7:21:0B:75:6F:8A:90:5F:8C:C9:69:DF:98 - X509v3 Basic Constraints: + X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 91:1c:45:a5:c0:4e:fc:54:39:62:33:80:7d:03:c1:b8:51:f7: - 56:83:6c:a3:15:50:cf:92:a0:77:a3:34:16:b5:30:f0:33:5a: - be:6a:ac:17:87:70:f8:4e:4d:49:ac:8b:84:fd:e5:0f:15:d7: - 9a:29:cc:a9:f5:97:f5:13:2a:86:3b:2d:f4:b7:b4:a2:7c:e1: - 0e:2a:ff:91:64:31:8f:12:cc:99:bf:e1:de:8f:6f:7c:1b:e4: - cc:56:c8:bb:85:c9:ba:df:7f:07:7a:cd:03:22:2c:b6:f8:06: - 35:72:72:b8:52:eb:62:15:85:2b:8f:8c:bc:27:3c:8b:de:32: - db:95 + 06:ea:06:02:19:9a:cb:94:a2:7e:c0:86:71:66:e7:a5:71:46: + a2:25:55:f5:e5:58:df:d1:91:58:e6:8a:0e:91:b3:22:4c:88: + 4d:5f:02:af:0f:73:65:0d:af:9a:f2:e4:36:f3:1f:e8:28:1d: + 9c:74:72:5b:f7:12:e8:fa:45:d6:df:e5:f1:d3:91:f4:0e:db: + e2:56:63:ee:82:57:6f:12:ad:d7:0d:de:5a:8c:3d:76:d2:87: + c9:48:1c:c4:f3:89:63:3c:c2:25:e0:dd:63:a6:4c:6c:5a:07: + 7b:86:78:62:86:02:a1:ef:0e:41:75:c5:d4:61:ab:c3:3b:9b: + 51:0b:e6:34:6d:0b:14:5a:2d:aa:d3:58:26:43:8f:4c:d7:45: + 73:1e:67:66:5e:f3:0c:69:70:27:a1:d5:70:f3:5a:10:98:c8: + 4f:8a:3b:9f:ad:8e:8d:49:8f:fb:f6:36:5d:4f:70:f9:4f:54: + 33:cf:a2:a6:1d:8c:61:b9:30:42:f2:49:d1:3d:a1:f1:eb:1e: + 78:a6:30:f8:8a:48:89:c7:3e:bd:0d:d8:72:04:a6:00:e5:62: + a4:13:3f:9e:b6:86:25:dc:d1:ff:3a:fc:f5:0e:e4:0e:f7:b8: + 66:90:fe:4f:c2:54:2a:7f:61:6e:e7:4b:bf:40:7e:75:30:02: + 5b:bb:91:1b -----BEGIN CERTIFICATE----- -MIICVDCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJKUDEO +MIIDXDCCAkSgAwIBAgIBADANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJKUDEO MAwGA1UECAwFVG9reW8xETAPBgNVBAoMCFJ1YnlUZXN0MRUwEwYDVQQDDAxSdWJ5 IFRlc3QgQ0EwHhcNMDkwMTAxMDAwMDAwWhcNNDkxMjMxMjM1OTU5WjBHMQswCQYD VQQGEwJKUDEOMAwGA1UECAwFVG9reW8xETAPBgNVBAoMCFJ1YnlUZXN0MRUwEwYD -VQQDDAxSdWJ5IFRlc3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL50 -QTPJG+ESeGu0Ui6utuIeWGVXLcsHP5HJU3rnLmgsDF2LFqdCSlxvx6pE/23G10kO -sV0DW1HO1czNq2nMwkN2sbIwO+f2Hz41HSF1QZbrhKA0b6RdcKKy1f65RUeh6Mrj -t7tNNxzzltQtgIXNjjGWU5Kg/uRMFkdeyCcycKhrAgMBAAGjUDBOMB0GA1UdDgQW -BBRx29y69n91MXrtq4tIk4aUGv8wWDAfBgNVHSMEGDAWgBRx29y69n91MXrtq4tI -k4aUGv8wWDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAJEcRaXATvxU -OWIzgH0DwbhR91aDbKMVUM+SoHejNBa1MPAzWr5qrBeHcPhOTUmsi4T95Q8V15op -zKn1l/UTKoY7LfS3tKJ84Q4q/5FkMY8SzJm/4d6Pb3wb5MxWyLuFybrffwd6zQMi -LLb4BjVycrhS62IVhSuPjLwnPIveMtuV +VQQDDAxSdWJ5IFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCt801bCwFUzIY20ZNrM1YlkGHWmqD0JCDuyBSrD0uJ2Hy7wPh/++mi1Rxrb9xc +I7FJqizoykNIZGlLir1EV5sU2XqySQDWwnRnYlIdqTLf/noiIEmD4cs93Boq8DYg +wejIidRRGmiRIOC6Zwqya/jjjPXuoTaxiewjtvI5qbku6t7ZhuVCEUbtEJqQdkRO +TUktSejjy/96fYDLv8TDabqcYErer78meLj7RtE30Im6eJNqN6XpWOfi4318lSB5 +QVYVzbLGO+G357pHYJoFsQfzJnKdOxsCGD3V3ubpMKm1jxUbQPlkYVTTU+jEKUqJ +8+UN/RZh7vJtikWoNH5TRo6HAgMBAAGjUzBRMB0GA1UdDgQWBBSgfguto6031yEL +dW+KkF+MyWnfmDAfBgNVHSMEGDAWgBSgfguto6031yELdW+KkF+MyWnfmDAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAG6gYCGZrLlKJ+wIZxZuel +cUaiJVX15Vjf0ZFY5ooOkbMiTIhNXwKvD3NlDa+a8uQ28x/oKB2cdHJb9xLo+kXW +3+Xx05H0DtviVmPugldvEq3XDd5ajD120ofJSBzE84ljPMIl4N1jpkxsWgd7hnhi +hgKh7w5BdcXUYavDO5tRC+Y0bQsUWi2q01gmQ49M10VzHmdmXvMMaXAnodVw81oQ +mMhPijufrY6NSY/79jZdT3D5T1Qzz6KmHYxhuTBC8knRPaHx6x54pjD4ikiJxz69 +DdhyBKYA5WKkEz+etoYl3NH/Ovz1DuQO97hmkP5PwlQqf2Fu50u/QH51MAJbu5Eb -----END CERTIFICATE----- End @@ -258,7 +279,7 @@ Certificate: https://github.com/ruby/ruby/blob/trunk/test/open-uri/test_ssl.rb#L279 Data: Version: 3 (0x2) Serial Number: 1 (0x1) - Signature Algorithm: sha256WithRSAEncryption + Signature Algorithm: sha256WithRSAEncryption Issuer: C=JP, ST=Tokyo, O=RubyTest, CN=Ruby Test CA Validity Not Before: Jan 1 00:00:00 2009 GMT @@ -266,17 +287,26 @@ Certificate: https://github.com/ruby/ruby/blob/trunk/test/open-uri/test_ssl.rb#L287 Subject: C=JP, ST=Tokyo, O=RubyTest, CN=127.0.0.1 Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + RSA Public-Key: (2048 bit) Modulus: - 00:bb:bd:74:69:53:58:50:24:79:f2:eb:db:8b:97: - e4:69:a4:dd:48:0c:40:35:62:42:b3:35:8c:96:2a: - 62:76:98:b5:2a:e0:f8:78:33:b6:ff:f8:55:bf:44: - 69:21:d7:b5:0e:bd:8a:dd:31:1b:88:d5:b4:5e:7a: - 82:e0:ba:99:6c:04:76:e9:ff:e6:f8:f5:06:8e:7e: - a4:db:db:eb:43:44:12:a7:ca:ca:2b:aa:5f:83:10: - e2:9e:35:55:e8:e8:af:be:c8:7d:bb:c2:d4:aa:c1: - 1c:57:0b:c0:0c:3a:1d:6e:23:a9:03:26:7c:ea:8c: - f0:86:61:ce:f1:ff:42:c7:23 + 00:cb:b3:71:95:12:70:fc:db:d4:a9:a7:66:d6:d3: + 09:dd:06:80:19:e1:f2:d6:1e:31:b6:6b:20:75:51: + dc:a7:37:a9:ac:5b:57:5d:69:36:b6:de:1d:2c:f6: + 44:64:f8:e8:d6:f0:da:38:6a:ba:c2:b1:9e:dc:bb: + 79:94:e0:25:0c:c (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/