| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Update ssl test certificates and keys |
| Date: | 2019-01-03 14:35:14 |
| Message-ID: | E1gf45a-0001i0-Ro@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Update ssl test certificates and keys
Debian testing and newer now require that RSA and DHE keys are at
least 2048 bit long and no longer allow SHA-1 for signatures in
certificates. This is currently causing the ssl tests to fail there
because the test certificates and keys have been created in violation
of those conditions.
Update the parameters to create the test files and create a new set of
test files.
Author: Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>
Reported-by: Michael Paquier <michael(at)paquier(dot)xyz>
Discussion: https://www.postgresql.org/message-id/flat/20180917131340.GE31460%40paquier.xyz
Branch
------
REL_10_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/114635e552353585a53120539a6bdefba2324362
Modified Files
--------------
src/test/ssl/Makefile | 2 +-
src/test/ssl/cas.config | 6 +-
src/test/ssl/ssl/both-cas-1.crt | 77 ++++++++++++++++----------
src/test/ssl/ssl/both-cas-2.crt | 77 ++++++++++++++++----------
src/test/ssl/ssl/client+client_ca.crt | 47 ++++++++++------
src/test/ssl/ssl/client-revoked.crt | 23 +++++---
src/test/ssl/ssl/client-revoked.key | 38 ++++++++-----
src/test/ssl/ssl/client.crl | 16 +++---
src/test/ssl/ssl/client.crt | 23 +++++---
src/test/ssl/ssl/client.key | 38 ++++++++-----
src/test/ssl/ssl/client_ca.crt | 24 +++++---
src/test/ssl/ssl/client_ca.key | 38 ++++++++-----
src/test/ssl/ssl/root+client.crl | 31 ++++++-----
src/test/ssl/ssl/root+client_ca.crt | 53 +++++++++++-------
src/test/ssl/ssl/root+server.crl | 31 ++++++-----
src/test/ssl/ssl/root+server_ca.crt | 53 +++++++++++-------
src/test/ssl/ssl/root.crl | 15 +++--
src/test/ssl/ssl/root_ca.crt | 29 ++++++----
src/test/ssl/ssl/root_ca.key | 38 ++++++++-----
src/test/ssl/ssl/server-cn-and-alt-names.crt | 27 +++++----
src/test/ssl/ssl/server-cn-and-alt-names.key | 38 ++++++++-----
src/test/ssl/ssl/server-cn-only.crt | 27 +++++----
src/test/ssl/ssl/server-cn-only.key | 38 ++++++++-----
src/test/ssl/ssl/server-multiple-alt-names.crt | 29 ++++++----
src/test/ssl/ssl/server-multiple-alt-names.key | 38 ++++++++-----
src/test/ssl/ssl/server-no-names.crt | 26 +++++----
src/test/ssl/ssl/server-no-names.key | 38 ++++++++-----
src/test/ssl/ssl/server-revoked.crt | 27 +++++----
src/test/ssl/ssl/server-revoked.key | 38 ++++++++-----
src/test/ssl/ssl/server-single-alt-name.crt | 26 +++++----
src/test/ssl/ssl/server-single-alt-name.key | 38 ++++++++-----
src/test/ssl/ssl/server-ss.crt | 28 ++++++----
src/test/ssl/ssl/server-ss.key | 38 ++++++++-----
src/test/ssl/ssl/server.crl | 16 +++---
src/test/ssl/ssl/server_ca.crt | 24 +++++---
src/test/ssl/ssl/server_ca.key | 38 ++++++++-----
36 files changed, 743 insertions(+), 450 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2019-01-03 14:36:36 | Re: pgsql: Update ssl test certificates and keys |
| Previous Message | Tom Lane | 2019-01-02 21:34:20 | pgsql: Don't believe MinMaxExpr is leakproof without checking. |