| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Update ssl test certificates and keys |
| Date: | 2018-11-27 14:21:39 |
| Message-ID: | E1gReF9-0006Nd-Nz@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Update ssl test certificates and keys
Debian testing and newer now require that RSA and DHE keys are at
least 2048 bit long and no longer allow SHA-1 for signatures in
certificates. This is currently causing the ssl tests to fail there
because the test certificates and keys have been created in violation
of those conditions.
Update the parameters to create the test files and create a new set of
test files.
Author: Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>
Reported-by: Michael Paquier <michael(at)paquier(dot)xyz>
Discussion: https://www.postgresql.org/message-id/flat/20180917131340.GE31460%40paquier.xyz
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/f17889b2214194d7bd33900509bf08959d5a7efa
Modified Files
--------------
src/test/ssl/Makefile | 2 +-
src/test/ssl/cas.config | 6 +-
src/test/ssl/ssl/both-cas-1.crt | 77 ++++++++++++++++----------
src/test/ssl/ssl/both-cas-2.crt | 77 ++++++++++++++++----------
src/test/ssl/ssl/client+client_ca.crt | 47 ++++++++++------
src/test/ssl/ssl/client-revoked.crt | 23 +++++---
src/test/ssl/ssl/client-revoked.key | 38 ++++++++-----
src/test/ssl/ssl/client.crl | 16 +++---
src/test/ssl/ssl/client.crt | 23 +++++---
src/test/ssl/ssl/client.key | 38 ++++++++-----
src/test/ssl/ssl/client_ca.crt | 24 +++++---
src/test/ssl/ssl/client_ca.key | 38 ++++++++-----
src/test/ssl/ssl/root+client.crl | 31 ++++++-----
src/test/ssl/ssl/root+client_ca.crt | 53 +++++++++++-------
src/test/ssl/ssl/root+server.crl | 31 ++++++-----
src/test/ssl/ssl/root+server_ca.crt | 53 +++++++++++-------
src/test/ssl/ssl/root.crl | 15 +++--
src/test/ssl/ssl/root_ca.crt | 29 ++++++----
src/test/ssl/ssl/root_ca.key | 38 ++++++++-----
src/test/ssl/ssl/server-cn-and-alt-names.crt | 27 +++++----
src/test/ssl/ssl/server-cn-and-alt-names.key | 38 ++++++++-----
src/test/ssl/ssl/server-cn-only.crt | 27 +++++----
src/test/ssl/ssl/server-cn-only.key | 38 ++++++++-----
src/test/ssl/ssl/server-multiple-alt-names.crt | 29 ++++++----
src/test/ssl/ssl/server-multiple-alt-names.key | 38 ++++++++-----
src/test/ssl/ssl/server-no-names.crt | 26 +++++----
src/test/ssl/ssl/server-no-names.key | 38 ++++++++-----
src/test/ssl/ssl/server-password.key | 40 ++++++++-----
src/test/ssl/ssl/server-revoked.crt | 27 +++++----
src/test/ssl/ssl/server-revoked.key | 38 ++++++++-----
src/test/ssl/ssl/server-single-alt-name.crt | 26 +++++----
src/test/ssl/ssl/server-single-alt-name.key | 38 ++++++++-----
src/test/ssl/ssl/server-ss.crt | 28 ++++++----
src/test/ssl/ssl/server-ss.key | 38 ++++++++-----
src/test/ssl/ssl/server.crl | 16 +++---
src/test/ssl/ssl/server_ca.crt | 24 +++++---
src/test/ssl/ssl/server_ca.key | 38 ++++++++-----
37 files changed, 769 insertions(+), 464 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2018-11-27 14:39:23 | Re: pgsql: Integrate recovery.conf into postgresql.conf |
| Previous Message | Sergei Kornilov | 2018-11-27 14:16:20 | Re: pgsql: Integrate recovery.conf into postgresql.conf |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2018-11-27 14:24:26 | Re: SSL tests failing with "ee key too small" error on Debian SID |
| Previous Message | Sanyo Moura | 2018-11-27 14:16:41 | Query with high planning time at version 11.1 compared versions 10.5 and 11.0 |