author | Christian Heimes <christian@python.org> | 2018-09-20 12:33:53 +0200 |
---|---|---|
committer | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2018-09-20 03:33:53 -0700 |
commit | 49d65958e13db03b9a4240d8bdaff1a4be69a1d7 (patch) | |
tree | a83e9d3c1a629b5fd54e63f41b437ed6de318942 /Lib/test/make_ssl_certs.py | |
parent | b63a16febbd1c943c9dbc5c651326b410aa50698 (diff) | |
download | cpython-git-49d65958e13db03b9a4240d8bdaff1a4be69a1d7.tar.gz |
[2.7] bpo-34542: Update test certs and keys (GH-8997) (GH-9397)
Update all test certs and keys to use future proof crypto settings:
* 3072 bit RSA keys
* SHA-256 signature
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit e6dac0077996b1e1f886f036d6f2606237fa4c85)
https://bugs.python.org/issue34542
Diffstat (limited to 'Lib/test/make_ssl_certs.py')
-rw-r--r-- | Lib/test/make_ssl_certs.py | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/Lib/test/make_ssl_certs.py b/Lib/test/make_ssl_certs.py
index a1f298de34..ca2c12cada 100644
--- a/Lib/test/make_ssl_certs.py
+++ b/Lib/test/make_ssl_certs.py
@@ -50,7 +50,7 @@ req_template = """
 dir = cadir
 database = $dir/index.txt
 crlnumber = $dir/crl.txt
- default_md = sha1
+ default_md = sha256
 default_days = 3600
 default_crl_days = 3600
 certificate = pycacert.pem
@@ -88,7 +88,9 @@ req_template = """
 here = os.path.abspath(os.path.dirname(__file__))
-def make_cert_key(hostname, sign=False, extra_san=''):
+
+def make_cert_key(hostname, sign=False, extra_san='',
+ ext='req_x509_extensions_full', key='rsa:3072'):
 print("creating cert for " + hostname)
 tempnames = []
 for i in range(3):
@@ -146,7 +148,7 @@ def make_ca():
 t.flush()
 with tempfile.NamedTemporaryFile() as f:
 args = ['req', '-new', '-days', '3650', '-extensions', 'v3_ca', '-nodes',
- '-newkey', 'rsa:2048', '-keyout', 'pycakey.pem',
+ '-newkey', 'rsa:3072', '-keyout', 'pycakey.pem',
 '-out', f.name,
 '-subj', '/C=XY/L=Castle Anthrax/O=Python Software Foundation CA/CN=our-ca-server']
 check_call(['openssl'] + args) |
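Review bot: The new `default_md = sha256` sits next to `database`, `crlnumber` and `certificate`, which looks like the CA section of the template, so it would only govern certificates issued through `openssl ca`. Any certificate the script self-signs with `openssl req` would then take its digest from the OpenSSL build default, which was SHA-1 on older releases. That invocation is outside the hunk, so this needs confirming. If it applies, also set `default_md = sha256` in the `[req]` section or pass `-sha256` on the `req` command line, so the "SHA-256 signature" goal holds for every generated cert.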
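Review bot: The new `ext` and `key` parameters of `make_cert_key` appear to be unused, because the diffstat's 5 insertions and 3 deletions are fully accounted for by the three hunks and none of them touches the function body. If the body, which continues past the hunk, still hardcodes the `-newkey` value, leaf certificates keep the old key size even though the signature now advertises `key='rsa:3072'`. The body should pass `key` to `-newkey` and `ext` to `-extensions`. A short docstring saying that `key` is an OpenSSL `-newkey` spec and `ext` names a section in `req_template` would also help.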
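Review bot: The literal `'rsa:3072'` in `make_ca` duplicates the default of `make_cert_key`'s new `key` parameter, so the next key-size bump has to find both places. A module-level constant such as `DEFAULT_KEY = 'rsa:3072'`, used in both, would keep the CA and leaf settings in step. Since `-nodes` leaves `pycakey.pem` unencrypted, a comment like `# test-only CA key, published in the repo; never trust outside the test suite` would record that this is intentional. `make_ca` starts before the hunk.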