diff options
| author | Fabien Boucher <fboucher@redhat.com> | 2020-07-21 10:27:57 +0000 |
|---|---|---|
| committer | Fabien Boucher <fboucher@redhat.com> | 2020-07-21 12:16:31 +0000 |
| commit | 79e1c3009e491b2cf8275dc52ce861719ff86d25 (patch) | |
| tree | 8209f52bc8a07bdcd8a9e1f9a1df8265beab0d62 | |
| parent | 9933f068213c9da6c4b0ea59659c13bcf2ebe104 (diff) | |
| download | gear-79e1c3009e491b2cf8275dc52ce861719ff86d25.tar.gz | |
Bump crypto requirement to accomodate security standards
Depends-on: https://review.opendev.org/742165
On Fedora rawhide the gear package no longer build.
https://koschei.fedoraproject.org/package/python-gear?
This patch ensures that the ssl engine does not complains about:
- ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:2951)
- ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:2951)
To reproduce the issue:
podman run -it --root fedora:rawhide
dnf install git libffi-devel python-devel tox gcc
git clone https://opendev.org/opendev/gear.git && cd gear
tox -epy39
tox -epy38
Change-Id: I57cd9c4750f27b7b76e92a0eef03e7de70c13dd5
| -rw-r--r-- | gear/tests/test_functional.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/gear/tests/test_functional.py b/gear/tests/test_functional.py index 3bca907..ca9b8c1 100644 --- a/gear/tests/test_functional.py +++ b/gear/tests/test_functional.py @@ -78,7 +78,7 @@ class TestFunctional(tests.BaseTestCase): def create_cert(self, cn, issuer=None, signing_key=None): key = crypto.PKey() - key.generate_key(crypto.TYPE_RSA, 1024) + key.generate_key(crypto.TYPE_RSA, 2048) cert = crypto.X509() subject = cert.get_subject() @@ -97,7 +97,7 @@ class TestFunctional(tests.BaseTestCase): else: cert.set_issuer(subject) if signing_key: - cert.sign(signing_key, 'sha1') + cert.sign(signing_key, 'sha256') else: cert.sign(key, 'sha1') |