[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] crypto: use a stronger private key for tests
From: |
Kashyap Chamarthy |
Subject: |
Re: [PATCH v2] crypto: use a stronger private key for tests |
Date: |
Thu, 16 Jul 2020 10:20:27 +0200 |
On Wed, Jul 15, 2020 at 04:47:01PM +0100, Daniel P. Berrangé wrote:
> The unit tests using the x509 crypto functionality have started
> failing in Fedora 33 rawhide with a message like
>
> The certificate uses an insecure algorithm
>
> This is result of Fedora changes to support strong crypto [1]. RSA
It looks like the reference [1] is supposed to resolve to the following
URL:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
Whoever is applying the patch might want to tweak the commit. FWIW:
Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>
> with 1024 bit key is viewed as legacy and thus insecure. Generate
> a new private key which is 3072 bits long and reasonable future
> proof.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>
> Changed in v2:
>
> - ALso fix the I/O tests key
> - Use RSA key again instead of EC, since it is needed
> for the real TLS sessions in the I/O tests
>
> tests/crypto-tls-x509-helpers.c | 59 ++++++++++++++++++++++-----------
> tests/qemu-iotests/common.tls | 57 +++++++++++++++++++++----------
> 2 files changed, 79 insertions(+), 37 deletions(-)
>
[...]
--
/kashyap