Discussion:
[Spice-devel] [PATCH spice-server] tests/pki: Use CA/certificate valid until 2048 and with 2048 bits
Frediano Ziglio
2018-12-04 13:19:31 UTC
Permalink
This changes tests/pki/server-cert.pem and tests/pki/ca-cert.pem to have
2048 bits. These certificates were generated using the
instructions on https://www.spice-space.org/spice-user-manual.html
The -subj args were omitted, and the defaults suggested by openssl used.
The -days parameter was changed to -days 10950, the bits to 2048.

This fixes https://gitlab.freedesktop.org/spice/spice/issues/27.

Signed-off-by: Frediano Ziglio <***@redhat.com>
---
server/tests/pki/ca-cert.pem | 27 ++++++++++++++---------
server/tests/pki/server-cert.pem | 23 +++++++++++--------
server/tests/pki/server-key.pem | 38 +++++++++++++++++++++-----------
3 files changed, 55 insertions(+), 33 deletions(-)

diff --git a/server/tests/pki/ca-cert.pem b/server/tests/pki/ca-cert.pem
index caa9312e..2e40da24 100644
--- a/server/tests/pki/ca-cert.pem
+++ b/server/tests/pki/ca-cert.pem
@@ -1,15 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIICUjCCAbugAwIBAgIJAKM/WOQQB3iqMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
+MIIDWjCCAkKgAwIBAgIJAILhGzNuNWQHMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
-Q29tcGFueSBMdGQwHhcNMTcwMzIzMTA0MDEwWhcNNDcwMzE2MTA0MDEwWjBCMQsw
+Q29tcGFueSBMdGQwHhcNMTgxMjA0MTIxNjAzWhcNNDgxMTI2MTIxNjAzWjBCMQsw
CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
-dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZXCWk
-OuMVr45sAE9a7RM1K2brRdwzjdEqy1OV0dhqymL9YG/iygGp4HqwkLvLqEewq1bD
-sCcIbRlOidmBv9+uhy2zU9tBzaAptB7Vb6lAAa0PHlUQnQskVcPCwsK7RxwWw0/J
-pfld8qDAY1t8qM6mSy9Kuyk0X4FOvcuVQKCmiQIDAQABo1AwTjAdBgNVHQ4EFgQU
-eCFCqTxHPsa+7B0vcCZyxEgCnBwwHwYDVR0jBBgwFoAUeCFCqTxHPsa+7B0vcCZy
-xEgCnBwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBr+TeJqQH+SlAp
-GcA90SkGnqcEJSijjF9qcgmL0F5Z/yCBDaZa6F3wh/rXNZB2rKfQGW6Mem9KS8cm
-lui4A1pomMZBWQMwUYP02UF1fHg76RCG7PMhBZR2GkqHqHWfZBfFigdIWKFrm5fq
-92l4opvf97dSiOF9x1JLPUeoOOJL8A==
+dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+8jyIHqDhnkoNNMnC9ACMTgN0nZSJh0F2QQw4vajumoyVQ2wQmAC2BsndvYPhZV3/
+2pGTl6X4LANUPWqGxp++ZJrzBUFPLIYKe1T7DCPyvoJoI6BKHYb15OrokryylGkO
+QKgWYbCl3p+2R9KaADYWQdHaMs1VzKuEtZ5dmX9Or3qbU88tDeLvbirVhCxmmt2x
+F4NF4V1ZKVud5DanPGxtSnNydmTvkaBwPTWYig6EpBp+UlV+cH1P7vbORXnNlT4C
+x54d1v8qJIxunbYq/je0lgdIDYU/gFZ6t8PoS5iuP0s7aFjOfBCjl41oO3R4gNob
+VXZQA7kVreiLbc6O9orbKwIDAQABo1MwUTAdBgNVHQ4EFgQUcDtvufvglN3CQ55v
+3J30/2S7WDMwHwYDVR0jBBgwFoAUcDtvufvglN3CQ55v3J30/2S7WDMwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAsAFKXWd8gBmp1yybvUUDIPDr
+t+sPp71KcXkmhTEn8LL2xcYRhvAGgzhYQb/pCCvNU9to7TLlcehSlrfrzV7KwJzk
+UWlxCd/lmTU/eM0rlxzzO90xV37u0H7BKSqBKQBrvuMEk9H2T+oXg9rkP8dQBQKF
+BmrU7udE1SO324b5H1Sh3JobvvZ5IUei8nE5yqnGO3Oo8dl/V9LLyFdR+dCaE1jt
+JrGxLUBfQthPmdI9V+A6oD45v5VS1Lbdg6SAfCuhqlCAZeg89gywy3v9DpKSZ8So
+szIgdn8akS4vmcLv9qvwcIrf6rg1k11OJLGbGj0ySx30gREGFbVSwHq789LsfA==
-----END CERTIFICATE-----
diff --git a/server/tests/pki/server-cert.pem b/server/tests/pki/server-cert.pem
index 4bb20241..5ace4081 100644
--- a/server/tests/pki/server-cert.pem
+++ b/server/tests/pki/server-cert.pem
@@ -1,13 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIB8zCCAVwCAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV
+MIIC+DCCAeACAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV
BAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDAe
-Fw0xNzAzMjMxMDQwNDVaFw00NzAzMTYxMDQwNDVaMEIxCzAJBgNVBAYTAlhYMRUw
+Fw0xODEyMDQxMjE2MDlaFw00ODExMjYxMjE2MDlaMEIxCzAJBgNVBAYTAlhYMRUw
EwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBM
-dGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMXDPMZLse8CuEwJKMkvEdmB
-wK+33T0jOMkUJPt8LseLCjXmYOir2gWrsnP5fgxpwx/Xxb61ivwhAtC2mFcy3xXp
-RNkDHk3F2XpGwD0Msj9tR9DYidyRz/rN1BRth5ZLm0TvjmwWcBb7qWICIVTLsp6z
-XuM/erA3E00s7VANBlaPAgMBAAEwDQYJKoZIhvcNAQELBQADgYEA2Om01Qav2OQc
-ZjIPUmlqSzY96xyT8gzCIOyQikCuJ3Qdem4Qv1c9RxDFxNSrnNINx7Rrtkqp7dM7
-st+gUqdKc2jvb301TbS+SlDaK1Nre5vB8bPg1cJxUwWX1fDy2igIok0KmM1P7S8M
-isa/qmobRb4rzvn3blThesqFez9xRhk=
+dGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGeaFsglHGN+XLMscC
+XEgYk10zsVZ2PvMO/cVRd5ykaHUFUknOnoImxnxWhfTKmlkM7W4fZCXulc0oOxpy
+ycTxsLzePAvlq/lMSTHK44mQWAB5vwZq6fEBMN6op2m09VqJjSc6CNoH+b5lDm+B
+fx4SvC+ZBSdoRXoonqnNsqcTzp7NkSqD9kJHYFF4I60CdTwXqhNBUqSJ+F1QJoJS
+K2DAnJUMDwHQfoWHWuuX/SM1adh6NrxXNNQ99TrAwtm3faUF6D3narNfjUVzSMlk
+FWBOxnZojny8gt4xONp/1VXYRnA17wst2SbxPYaux/NAQVFrb9btIs+31JZe/9iC
+LrD9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGZKPFTKyplFuyn//kM7ZncZKbST
+zjSoCljAkrOL6bPpgZ4Q2U1HVH5OFtYyH5p6woMY4GKqhq+hy+O6lfGmbiGg+cB0
+doVH+/Tn6cWuctIu9Afb3JQWnagZMJLiUBBNYkRtFpxHDatRzsuJnzr66d0zne3v
+reCvRYi/H36H0zY6xtvR6DORSy0EJ1C/PiRXUW+Uag2l0IcHsj6UlJ9gqYk+4bNL
+u7rJcP11aGcdDcBwv/c08iYIcu3co0hxKMUpgPiz8wAipJSjDsJPYmeJcZyllBPk
+XvCKpRHS8EhaYQ4lZbChJPR8RDlf9J1z4wY8HMcVKHTQfp9q9XrsbOJ4x/o=
-----END CERTIFICATE-----
diff --git a/server/tests/pki/server-key.pem b/server/tests/pki/server-key.pem
index 0851142b..f6a3aa79 100644
--- a/server/tests/pki/server-key.pem
+++ b/server/tests/pki/server-key.pem
@@ -1,15 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDFwzzGS7HvArhMCSjJLxHZgcCvt909IzjJFCT7fC7Hiwo15mDo
-q9oFq7Jz+X4MacMf18W+tYr8IQLQtphXMt8V6UTZAx5Nxdl6RsA9DLI/bUfQ2Inc
-kc/6zdQUbYeWS5tE745sFnAW+6liAiFUy7Kes17jP3qwNxNNLO1QDQZWjwIDAQAB
-AoGACwzjwnjMUnyma6k/XC6DItI7QBZYCGiFbcbwYhUIUCIWyfg7hgTEQ/jaGdzh
-DDSEsKzP4d4nC/uUOrFZRdYT3P5pXXFOFHkCiiG6IZeoQ0nO1CNBh/t08Wcy9ASt
-o9wIvAQHvvdp5vKBmkOydFWvnMix5ZOrWiAHVQo1vaUiYYECQQDoPsky1zpc9Ehf
-8FY5Ayro62sxa0hwCNxdrFPu8d6M/J0iz+n47YhyKISE9498dWXepSe06rd2oMQ8
-DubEF6xhAkEA2f2LFT1N6m6xQPlVkxmNc5M1RWmShmEiV818kgr7/ywk4VBD0RxT
-yVwuEier2n92DFLzN7o1wQtqxeQnXwVo7wJAXNMLc6iWiSSR8NaMf8kGU4YUl/H7
-R9wix8Xi3jQJ8WveGlXjfDzkNkx/eu2/ic0aZDy6fBL8NQvYovCJx4J2wQJAJlCR
-JJ+M1Vq1XwU0DFHeceT65QNkVKg4ABTHA2hY2IXqyYtxEA0ZkPfZxSkh5Jqopgvi
-YfYhwpd+IeAzJ1ltEwJBAMmPD9K/RzZKm05AZ20hVgo+BkLRQ5XlWtIuyiB8gFy1
-OfpkFifKxclsVxT2WTizfZD0vlmlACrdiE4z4Zf/+/0=
+MIIEpAIBAAKCAQEAxnmhbIJRxjflyzLHAlxIGJNdM7FWdj7zDv3FUXecpGh1BVJJ
+zp6CJsZ8VoX0yppZDO1uH2Ql7pXNKDsacsnE8bC83jwL5av5TEkxyuOJkFgAeb8G
+aunxATDeqKdptPVaiY0nOgjaB/m+ZQ5vgX8eErwvmQUnaEV6KJ6pzbKnE86ezZEq
+g/ZCR2BReCOtAnU8F6oTQVKkifhdUCaCUitgwJyVDA8B0H6Fh1rrl/0jNWnYeja8
+VzTUPfU6wMLZt32lBeg952qzX41Fc0jJZBVgTsZ2aI58vILeMTjaf9VV2EZwNe8L
+Ldkm8T2GrsfzQEFRa2/W7SLPt9SWXv/Ygi6w/QIDAQABAoIBAEBJrYvkOnCmMny7
+GdMd6Qxsz0erLYJnqXs1n/BfehGW9DChEt8mYKoGqMet5Dir/iQ90+m/GrpJM4bQ
+fiSoTm6q/MJPWNsv9TRMkSBSy4BBwQWuZnnDBRmJptWiRI8k2gqr+gTGUTk8H/vD
+zUJ41ljjM9ew367aslLt8bp7H7s+JBLi60F9PnnMJ+fZJpdB2trRvzwp0gWN1kEy
+VQUydSEV1yLT/rFkFcm8gRceTlh2yb3CPbZDMF/CExNahnxFaibKYtXd7J26jHKN
+TbSPO7Rm6e3AcyLZMxyyC4PcU975Bg22HThZFEYDCYLyZuc4zCHxnWFmtEhEc/Vn
+AHEaW9ECgYEA4nDLUHt7y6HUUr/TJo5fNJ5Jc/yK+2J/brUmVBiL49j+rvpqfq8A
+1ozT6Ga6I+PjRhA+CvrjfCG7wUi71rjx1QGThCGUrko7VYG/Un3jus1dem/PR/nq
+Tt27GTalmwCIjrHxUH6CTv4uOKdd7LlEXNqyqq2UbGShOai0xsOPr2cCgYEA4GJI
+vohNsuhfjA7K+PdJ3BmRtC5WIUZYthT86//vumn4AURmUJvWc5+q0cC6tPM01HIH
+BqO/ZFPD7p9GIh9ZbDWsEL5A4r3sLT2vFk3MV9iwiqb0WpZbg9KVuhNOaZ47JKFR
+YxpaHcLUdcDXvrqz+o/l2ITG5x/FFkMQlRiNMfsCgYEA2R15dEPSIR+bq3QOCyv7
+kUIr/7Anun1o3keG5p9aki8fk7q7nZhC33TMQkstMvhwlF9Cfditgfn+Qodww6M1
+DR2jyc9A9hRq68OqJHhcgGIkvR6zyrmPterYWIaTJxnN1bQ8Qwfp/b+tpdikMDQ7
+niR7pzcj1wJtrBFctDASdwUCgYEAxCUGZA/wo+k/xMYVpic9WHq9hJ1Qy0ucNqcI
+JSEYpYMGuczaB7MCdxZnE25/h7hmQSPggmxX3VLgHtL6Us/GsrIEVKqLO+o775xR
+VpTxgQU55iplxl5TZ1uJaRyBWhBosO+XnqMljYiHgtvtfJvmwqxRhsEiwl1iQsCj
+WUIaA0sCgYAuRXM1HmWzAfCpANJVWyjswr9Zg4KjCC2QSM2XOGaTISyNPyKyQ3Yf
++xz41ggx6uss1oyyYTXkZ+mGsJJ3fFZWG3k/w0tZwMhS9RzFd1qJTrMqXy+MeCG1
+nb2nTEYNih5Yq5A+ZzYWhSZ7qAZP0oFdtb6TaR8ke3SYFpJqZzvD7g==
-----END RSA PRIVATE KEY-----
--
2.17.2
Frediano Ziglio
2018-12-05 11:27:18 UTC
Permalink
Post by Frediano Ziglio
This changes tests/pki/server-cert.pem and tests/pki/ca-cert.pem to have
2048 bits. These certificates were generated using the
instructions on https://www.spice-space.org/spice-user-manual.html
The -subj args were omitted, and the defaults suggested by openssl used.
The -days parameter was changed to -days 10950, the bits to 2048.
This fixes https://gitlab.freedesktop.org/spice/spice/issues/27.
Successful run on CI:

https://gitlab.freedesktop.org/fziglio/spice/pipelines/11136
Post by Frediano Ziglio
---
server/tests/pki/ca-cert.pem | 27 ++++++++++++++---------
server/tests/pki/server-cert.pem | 23 +++++++++++--------
server/tests/pki/server-key.pem | 38 +++++++++++++++++++++-----------
3 files changed, 55 insertions(+), 33 deletions(-)
diff --git a/server/tests/pki/ca-cert.pem b/server/tests/pki/ca-cert.pem
index caa9312e..2e40da24 100644
--- a/server/tests/pki/ca-cert.pem
+++ b/server/tests/pki/ca-cert.pem
@@ -1,15 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIICUjCCAbugAwIBAgIJAKM/WOQQB3iqMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
+MIIDWjCCAkKgAwIBAgIJAILhGzNuNWQHMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
-Q29tcGFueSBMdGQwHhcNMTcwMzIzMTA0MDEwWhcNNDcwMzE2MTA0MDEwWjBCMQsw
+Q29tcGFueSBMdGQwHhcNMTgxMjA0MTIxNjAzWhcNNDgxMTI2MTIxNjAzWjBCMQsw
CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
-dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZXCWk
-OuMVr45sAE9a7RM1K2brRdwzjdEqy1OV0dhqymL9YG/iygGp4HqwkLvLqEewq1bD
-sCcIbRlOidmBv9+uhy2zU9tBzaAptB7Vb6lAAa0PHlUQnQskVcPCwsK7RxwWw0/J
-pfld8qDAY1t8qM6mSy9Kuyk0X4FOvcuVQKCmiQIDAQABo1AwTjAdBgNVHQ4EFgQU
-eCFCqTxHPsa+7B0vcCZyxEgCnBwwHwYDVR0jBBgwFoAUeCFCqTxHPsa+7B0vcCZy
-xEgCnBwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBr+TeJqQH+SlAp
-GcA90SkGnqcEJSijjF9qcgmL0F5Z/yCBDaZa6F3wh/rXNZB2rKfQGW6Mem9KS8cm
-lui4A1pomMZBWQMwUYP02UF1fHg76RCG7PMhBZR2GkqHqHWfZBfFigdIWKFrm5fq
-92l4opvf97dSiOF9x1JLPUeoOOJL8A==
+dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+8jyIHqDhnkoNNMnC9ACMTgN0nZSJh0F2QQw4vajumoyVQ2wQmAC2BsndvYPhZV3/
+2pGTl6X4LANUPWqGxp++ZJrzBUFPLIYKe1T7DCPyvoJoI6BKHYb15OrokryylGkO
+QKgWYbCl3p+2R9KaADYWQdHaMs1VzKuEtZ5dmX9Or3qbU88tDeLvbirVhCxmmt2x
+F4NF4V1ZKVud5DanPGxtSnNydmTvkaBwPTWYig6EpBp+UlV+cH1P7vbORXnNlT4C
+x54d1v8qJIxunbYq/je0lgdIDYU/gFZ6t8PoS5iuP0s7aFjOfBCjl41oO3R4gNob
+VXZQA7kVreiLbc6O9orbKwIDAQABo1MwUTAdBgNVHQ4EFgQUcDtvufvglN3CQ55v
+3J30/2S7WDMwHwYDVR0jBBgwFoAUcDtvufvglN3CQ55v3J30/2S7WDMwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAsAFKXWd8gBmp1yybvUUDIPDr
+t+sPp71KcXkmhTEn8LL2xcYRhvAGgzhYQb/pCCvNU9to7TLlcehSlrfrzV7KwJzk
+UWlxCd/lmTU/eM0rlxzzO90xV37u0H7BKSqBKQBrvuMEk9H2T+oXg9rkP8dQBQKF
+BmrU7udE1SO324b5H1Sh3JobvvZ5IUei8nE5yqnGO3Oo8dl/V9LLyFdR+dCaE1jt
+JrGxLUBfQthPmdI9V+A6oD45v5VS1Lbdg6SAfCuhqlCAZeg89gywy3v9DpKSZ8So
+szIgdn8akS4vmcLv9qvwcIrf6rg1k11OJLGbGj0ySx30gREGFbVSwHq789LsfA==
-----END CERTIFICATE-----
diff --git a/server/tests/pki/server-cert.pem
b/server/tests/pki/server-cert.pem
index 4bb20241..5ace4081 100644
--- a/server/tests/pki/server-cert.pem
+++ b/server/tests/pki/server-cert.pem
@@ -1,13 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIB8zCCAVwCAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV
+MIIC+DCCAeACAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV
BAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDAe
-Fw0xNzAzMjMxMDQwNDVaFw00NzAzMTYxMDQwNDVaMEIxCzAJBgNVBAYTAlhYMRUw
+Fw0xODEyMDQxMjE2MDlaFw00ODExMjYxMjE2MDlaMEIxCzAJBgNVBAYTAlhYMRUw
EwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBM
-dGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMXDPMZLse8CuEwJKMkvEdmB
-wK+33T0jOMkUJPt8LseLCjXmYOir2gWrsnP5fgxpwx/Xxb61ivwhAtC2mFcy3xXp
-RNkDHk3F2XpGwD0Msj9tR9DYidyRz/rN1BRth5ZLm0TvjmwWcBb7qWICIVTLsp6z
-XuM/erA3E00s7VANBlaPAgMBAAEwDQYJKoZIhvcNAQELBQADgYEA2Om01Qav2OQc
-ZjIPUmlqSzY96xyT8gzCIOyQikCuJ3Qdem4Qv1c9RxDFxNSrnNINx7Rrtkqp7dM7
-st+gUqdKc2jvb301TbS+SlDaK1Nre5vB8bPg1cJxUwWX1fDy2igIok0KmM1P7S8M
-isa/qmobRb4rzvn3blThesqFez9xRhk=
+dGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGeaFsglHGN+XLMscC
+XEgYk10zsVZ2PvMO/cVRd5ykaHUFUknOnoImxnxWhfTKmlkM7W4fZCXulc0oOxpy
+ycTxsLzePAvlq/lMSTHK44mQWAB5vwZq6fEBMN6op2m09VqJjSc6CNoH+b5lDm+B
+fx4SvC+ZBSdoRXoonqnNsqcTzp7NkSqD9kJHYFF4I60CdTwXqhNBUqSJ+F1QJoJS
+K2DAnJUMDwHQfoWHWuuX/SM1adh6NrxXNNQ99TrAwtm3faUF6D3narNfjUVzSMlk
+FWBOxnZojny8gt4xONp/1VXYRnA17wst2SbxPYaux/NAQVFrb9btIs+31JZe/9iC
+LrD9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGZKPFTKyplFuyn//kM7ZncZKbST
+zjSoCljAkrOL6bPpgZ4Q2U1HVH5OFtYyH5p6woMY4GKqhq+hy+O6lfGmbiGg+cB0
+doVH+/Tn6cWuctIu9Afb3JQWnagZMJLiUBBNYkRtFpxHDatRzsuJnzr66d0zne3v
+reCvRYi/H36H0zY6xtvR6DORSy0EJ1C/PiRXUW+Uag2l0IcHsj6UlJ9gqYk+4bNL
+u7rJcP11aGcdDcBwv/c08iYIcu3co0hxKMUpgPiz8wAipJSjDsJPYmeJcZyllBPk
+XvCKpRHS8EhaYQ4lZbChJPR8RDlf9J1z4wY8HMcVKHTQfp9q9XrsbOJ4x/o=
-----END CERTIFICATE-----
diff --git a/server/tests/pki/server-key.pem
b/server/tests/pki/server-key.pem
index 0851142b..f6a3aa79 100644
--- a/server/tests/pki/server-key.pem
+++ b/server/tests/pki/server-key.pem
@@ -1,15 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDFwzzGS7HvArhMCSjJLxHZgcCvt909IzjJFCT7fC7Hiwo15mDo
-q9oFq7Jz+X4MacMf18W+tYr8IQLQtphXMt8V6UTZAx5Nxdl6RsA9DLI/bUfQ2Inc
-kc/6zdQUbYeWS5tE745sFnAW+6liAiFUy7Kes17jP3qwNxNNLO1QDQZWjwIDAQAB
-AoGACwzjwnjMUnyma6k/XC6DItI7QBZYCGiFbcbwYhUIUCIWyfg7hgTEQ/jaGdzh
-DDSEsKzP4d4nC/uUOrFZRdYT3P5pXXFOFHkCiiG6IZeoQ0nO1CNBh/t08Wcy9ASt
-o9wIvAQHvvdp5vKBmkOydFWvnMix5ZOrWiAHVQo1vaUiYYECQQDoPsky1zpc9Ehf
-8FY5Ayro62sxa0hwCNxdrFPu8d6M/J0iz+n47YhyKISE9498dWXepSe06rd2oMQ8
-DubEF6xhAkEA2f2LFT1N6m6xQPlVkxmNc5M1RWmShmEiV818kgr7/ywk4VBD0RxT
-yVwuEier2n92DFLzN7o1wQtqxeQnXwVo7wJAXNMLc6iWiSSR8NaMf8kGU4YUl/H7
-R9wix8Xi3jQJ8WveGlXjfDzkNkx/eu2/ic0aZDy6fBL8NQvYovCJx4J2wQJAJlCR
-JJ+M1Vq1XwU0DFHeceT65QNkVKg4ABTHA2hY2IXqyYtxEA0ZkPfZxSkh5Jqopgvi
-YfYhwpd+IeAzJ1ltEwJBAMmPD9K/RzZKm05AZ20hVgo+BkLRQ5XlWtIuyiB8gFy1
-OfpkFifKxclsVxT2WTizfZD0vlmlACrdiE4z4Zf/+/0=
+MIIEpAIBAAKCAQEAxnmhbIJRxjflyzLHAlxIGJNdM7FWdj7zDv3FUXecpGh1BVJJ
+zp6CJsZ8VoX0yppZDO1uH2Ql7pXNKDsacsnE8bC83jwL5av5TEkxyuOJkFgAeb8G
+aunxATDeqKdptPVaiY0nOgjaB/m+ZQ5vgX8eErwvmQUnaEV6KJ6pzbKnE86ezZEq
+g/ZCR2BReCOtAnU8F6oTQVKkifhdUCaCUitgwJyVDA8B0H6Fh1rrl/0jNWnYeja8
+VzTUPfU6wMLZt32lBeg952qzX41Fc0jJZBVgTsZ2aI58vILeMTjaf9VV2EZwNe8L
+Ldkm8T2GrsfzQEFRa2/W7SLPt9SWXv/Ygi6w/QIDAQABAoIBAEBJrYvkOnCmMny7
+GdMd6Qxsz0erLYJnqXs1n/BfehGW9DChEt8mYKoGqMet5Dir/iQ90+m/GrpJM4bQ
+fiSoTm6q/MJPWNsv9TRMkSBSy4BBwQWuZnnDBRmJptWiRI8k2gqr+gTGUTk8H/vD
+zUJ41ljjM9ew367aslLt8bp7H7s+JBLi60F9PnnMJ+fZJpdB2trRvzwp0gWN1kEy
+VQUydSEV1yLT/rFkFcm8gRceTlh2yb3CPbZDMF/CExNahnxFaibKYtXd7J26jHKN
+TbSPO7Rm6e3AcyLZMxyyC4PcU975Bg22HThZFEYDCYLyZuc4zCHxnWFmtEhEc/Vn
+AHEaW9ECgYEA4nDLUHt7y6HUUr/TJo5fNJ5Jc/yK+2J/brUmVBiL49j+rvpqfq8A
+1ozT6Ga6I+PjRhA+CvrjfCG7wUi71rjx1QGThCGUrko7VYG/Un3jus1dem/PR/nq
+Tt27GTalmwCIjrHxUH6CTv4uOKdd7LlEXNqyqq2UbGShOai0xsOPr2cCgYEA4GJI
+vohNsuhfjA7K+PdJ3BmRtC5WIUZYthT86//vumn4AURmUJvWc5+q0cC6tPM01HIH
+BqO/ZFPD7p9GIh9ZbDWsEL5A4r3sLT2vFk3MV9iwiqb0WpZbg9KVuhNOaZ47JKFR
+YxpaHcLUdcDXvrqz+o/l2ITG5x/FFkMQlRiNMfsCgYEA2R15dEPSIR+bq3QOCyv7
+kUIr/7Anun1o3keG5p9aki8fk7q7nZhC33TMQkstMvhwlF9Cfditgfn+Qodww6M1
+DR2jyc9A9hRq68OqJHhcgGIkvR6zyrmPterYWIaTJxnN1bQ8Qwfp/b+tpdikMDQ7
+niR7pzcj1wJtrBFctDASdwUCgYEAxCUGZA/wo+k/xMYVpic9WHq9hJ1Qy0ucNqcI
+JSEYpYMGuczaB7MCdxZnE25/h7hmQSPggmxX3VLgHtL6Us/GsrIEVKqLO+o775xR
+VpTxgQU55iplxl5TZ1uJaRyBWhBosO+XnqMljYiHgtvtfJvmwqxRhsEiwl1iQsCj
+WUIaA0sCgYAuRXM1HmWzAfCpANJVWyjswr9Zg4KjCC2QSM2XOGaTISyNPyKyQ3Yf
++xz41ggx6uss1oyyYTXkZ+mGsJJ3fFZWG3k/w0tZwMhS9RzFd1qJTrMqXy+MeCG1
+nb2nTEYNih5Yq5A+ZzYWhSZ7qAZP0oFdtb6TaR8ke3SYFpJqZzvD7g==
-----END RSA PRIVATE KEY-----
Christophe Fergeau
2018-12-06 15:35:56 UTC
Permalink
Post by Frediano Ziglio
This changes tests/pki/server-cert.pem and tests/pki/ca-cert.pem to have
2048 bits. These certificates were generated using the
instructions on https://www.spice-space.org/spice-user-manual.html
The -subj args were omitted, and the defaults suggested by openssl used.
The -days parameter was changed to -days 10950, the bits to 2048.
This fixes https://gitlab.freedesktop.org/spice/spice/issues/27.
I would add in the commit log that some distros are starting to use
stricter settings for their openssl configuration, which forbids 2048 bit
keys, and causes test suite failures.

Apart from this,
Acked-by: Christophe Fergeau <***@redhat.com>

Christophe
Post by Frediano Ziglio
---
server/tests/pki/ca-cert.pem | 27 ++++++++++++++---------
server/tests/pki/server-cert.pem | 23 +++++++++++--------
server/tests/pki/server-key.pem | 38 +++++++++++++++++++++-----------
3 files changed, 55 insertions(+), 33 deletions(-)
diff --git a/server/tests/pki/ca-cert.pem b/server/tests/pki/ca-cert.pem
index caa9312e..2e40da24 100644
--- a/server/tests/pki/ca-cert.pem
+++ b/server/tests/pki/ca-cert.pem
@@ -1,15 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIICUjCCAbugAwIBAgIJAKM/WOQQB3iqMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
+MIIDWjCCAkKgAwIBAgIJAILhGzNuNWQHMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
-Q29tcGFueSBMdGQwHhcNMTcwMzIzMTA0MDEwWhcNNDcwMzE2MTA0MDEwWjBCMQsw
+Q29tcGFueSBMdGQwHhcNMTgxMjA0MTIxNjAzWhcNNDgxMTI2MTIxNjAzWjBCMQsw
CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
-dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZXCWk
-OuMVr45sAE9a7RM1K2brRdwzjdEqy1OV0dhqymL9YG/iygGp4HqwkLvLqEewq1bD
-sCcIbRlOidmBv9+uhy2zU9tBzaAptB7Vb6lAAa0PHlUQnQskVcPCwsK7RxwWw0/J
-pfld8qDAY1t8qM6mSy9Kuyk0X4FOvcuVQKCmiQIDAQABo1AwTjAdBgNVHQ4EFgQU
-eCFCqTxHPsa+7B0vcCZyxEgCnBwwHwYDVR0jBBgwFoAUeCFCqTxHPsa+7B0vcCZy
-xEgCnBwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBr+TeJqQH+SlAp
-GcA90SkGnqcEJSijjF9qcgmL0F5Z/yCBDaZa6F3wh/rXNZB2rKfQGW6Mem9KS8cm
-lui4A1pomMZBWQMwUYP02UF1fHg76RCG7PMhBZR2GkqHqHWfZBfFigdIWKFrm5fq
-92l4opvf97dSiOF9x1JLPUeoOOJL8A==
+dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+8jyIHqDhnkoNNMnC9ACMTgN0nZSJh0F2QQw4vajumoyVQ2wQmAC2BsndvYPhZV3/
+2pGTl6X4LANUPWqGxp++ZJrzBUFPLIYKe1T7DCPyvoJoI6BKHYb15OrokryylGkO
+QKgWYbCl3p+2R9KaADYWQdHaMs1VzKuEtZ5dmX9Or3qbU88tDeLvbirVhCxmmt2x
+F4NF4V1ZKVud5DanPGxtSnNydmTvkaBwPTWYig6EpBp+UlV+cH1P7vbORXnNlT4C
+x54d1v8qJIxunbYq/je0lgdIDYU/gFZ6t8PoS5iuP0s7aFjOfBCjl41oO3R4gNob
+VXZQA7kVreiLbc6O9orbKwIDAQABo1MwUTAdBgNVHQ4EFgQUcDtvufvglN3CQ55v
+3J30/2S7WDMwHwYDVR0jBBgwFoAUcDtvufvglN3CQ55v3J30/2S7WDMwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAsAFKXWd8gBmp1yybvUUDIPDr
+t+sPp71KcXkmhTEn8LL2xcYRhvAGgzhYQb/pCCvNU9to7TLlcehSlrfrzV7KwJzk
+UWlxCd/lmTU/eM0rlxzzO90xV37u0H7BKSqBKQBrvuMEk9H2T+oXg9rkP8dQBQKF
+BmrU7udE1SO324b5H1Sh3JobvvZ5IUei8nE5yqnGO3Oo8dl/V9LLyFdR+dCaE1jt
+JrGxLUBfQthPmdI9V+A6oD45v5VS1Lbdg6SAfCuhqlCAZeg89gywy3v9DpKSZ8So
+szIgdn8akS4vmcLv9qvwcIrf6rg1k11OJLGbGj0ySx30gREGFbVSwHq789LsfA==
-----END CERTIFICATE-----
diff --git a/server/tests/pki/server-cert.pem b/server/tests/pki/server-cert.pem
index 4bb20241..5ace4081 100644
--- a/server/tests/pki/server-cert.pem
+++ b/server/tests/pki/server-cert.pem
@@ -1,13 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIB8zCCAVwCAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV
+MIIC+DCCAeACAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV
BAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDAe
-Fw0xNzAzMjMxMDQwNDVaFw00NzAzMTYxMDQwNDVaMEIxCzAJBgNVBAYTAlhYMRUw
+Fw0xODEyMDQxMjE2MDlaFw00ODExMjYxMjE2MDlaMEIxCzAJBgNVBAYTAlhYMRUw
EwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBM
-dGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMXDPMZLse8CuEwJKMkvEdmB
-wK+33T0jOMkUJPt8LseLCjXmYOir2gWrsnP5fgxpwx/Xxb61ivwhAtC2mFcy3xXp
-RNkDHk3F2XpGwD0Msj9tR9DYidyRz/rN1BRth5ZLm0TvjmwWcBb7qWICIVTLsp6z
-XuM/erA3E00s7VANBlaPAgMBAAEwDQYJKoZIhvcNAQELBQADgYEA2Om01Qav2OQc
-ZjIPUmlqSzY96xyT8gzCIOyQikCuJ3Qdem4Qv1c9RxDFxNSrnNINx7Rrtkqp7dM7
-st+gUqdKc2jvb301TbS+SlDaK1Nre5vB8bPg1cJxUwWX1fDy2igIok0KmM1P7S8M
-isa/qmobRb4rzvn3blThesqFez9xRhk=
+dGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGeaFsglHGN+XLMscC
+XEgYk10zsVZ2PvMO/cVRd5ykaHUFUknOnoImxnxWhfTKmlkM7W4fZCXulc0oOxpy
+ycTxsLzePAvlq/lMSTHK44mQWAB5vwZq6fEBMN6op2m09VqJjSc6CNoH+b5lDm+B
+fx4SvC+ZBSdoRXoonqnNsqcTzp7NkSqD9kJHYFF4I60CdTwXqhNBUqSJ+F1QJoJS
+K2DAnJUMDwHQfoWHWuuX/SM1adh6NrxXNNQ99TrAwtm3faUF6D3narNfjUVzSMlk
+FWBOxnZojny8gt4xONp/1VXYRnA17wst2SbxPYaux/NAQVFrb9btIs+31JZe/9iC
+LrD9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGZKPFTKyplFuyn//kM7ZncZKbST
+zjSoCljAkrOL6bPpgZ4Q2U1HVH5OFtYyH5p6woMY4GKqhq+hy+O6lfGmbiGg+cB0
+doVH+/Tn6cWuctIu9Afb3JQWnagZMJLiUBBNYkRtFpxHDatRzsuJnzr66d0zne3v
+reCvRYi/H36H0zY6xtvR6DORSy0EJ1C/PiRXUW+Uag2l0IcHsj6UlJ9gqYk+4bNL
+u7rJcP11aGcdDcBwv/c08iYIcu3co0hxKMUpgPiz8wAipJSjDsJPYmeJcZyllBPk
+XvCKpRHS8EhaYQ4lZbChJPR8RDlf9J1z4wY8HMcVKHTQfp9q9XrsbOJ4x/o=
-----END CERTIFICATE-----
diff --git a/server/tests/pki/server-key.pem b/server/tests/pki/server-key.pem
index 0851142b..f6a3aa79 100644
--- a/server/tests/pki/server-key.pem
+++ b/server/tests/pki/server-key.pem
@@ -1,15 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDFwzzGS7HvArhMCSjJLxHZgcCvt909IzjJFCT7fC7Hiwo15mDo
-q9oFq7Jz+X4MacMf18W+tYr8IQLQtphXMt8V6UTZAx5Nxdl6RsA9DLI/bUfQ2Inc
-kc/6zdQUbYeWS5tE745sFnAW+6liAiFUy7Kes17jP3qwNxNNLO1QDQZWjwIDAQAB
-AoGACwzjwnjMUnyma6k/XC6DItI7QBZYCGiFbcbwYhUIUCIWyfg7hgTEQ/jaGdzh
-DDSEsKzP4d4nC/uUOrFZRdYT3P5pXXFOFHkCiiG6IZeoQ0nO1CNBh/t08Wcy9ASt
-o9wIvAQHvvdp5vKBmkOydFWvnMix5ZOrWiAHVQo1vaUiYYECQQDoPsky1zpc9Ehf
-8FY5Ayro62sxa0hwCNxdrFPu8d6M/J0iz+n47YhyKISE9498dWXepSe06rd2oMQ8
-DubEF6xhAkEA2f2LFT1N6m6xQPlVkxmNc5M1RWmShmEiV818kgr7/ywk4VBD0RxT
-yVwuEier2n92DFLzN7o1wQtqxeQnXwVo7wJAXNMLc6iWiSSR8NaMf8kGU4YUl/H7
-R9wix8Xi3jQJ8WveGlXjfDzkNkx/eu2/ic0aZDy6fBL8NQvYovCJx4J2wQJAJlCR
-JJ+M1Vq1XwU0DFHeceT65QNkVKg4ABTHA2hY2IXqyYtxEA0ZkPfZxSkh5Jqopgvi
-YfYhwpd+IeAzJ1ltEwJBAMmPD9K/RzZKm05AZ20hVgo+BkLRQ5XlWtIuyiB8gFy1
-OfpkFifKxclsVxT2WTizfZD0vlmlACrdiE4z4Zf/+/0=
+MIIEpAIBAAKCAQEAxnmhbIJRxjflyzLHAlxIGJNdM7FWdj7zDv3FUXecpGh1BVJJ
+zp6CJsZ8VoX0yppZDO1uH2Ql7pXNKDsacsnE8bC83jwL5av5TEkxyuOJkFgAeb8G
+aunxATDeqKdptPVaiY0nOgjaB/m+ZQ5vgX8eErwvmQUnaEV6KJ6pzbKnE86ezZEq
+g/ZCR2BReCOtAnU8F6oTQVKkifhdUCaCUitgwJyVDA8B0H6Fh1rrl/0jNWnYeja8
+VzTUPfU6wMLZt32lBeg952qzX41Fc0jJZBVgTsZ2aI58vILeMTjaf9VV2EZwNe8L
+Ldkm8T2GrsfzQEFRa2/W7SLPt9SWXv/Ygi6w/QIDAQABAoIBAEBJrYvkOnCmMny7
+GdMd6Qxsz0erLYJnqXs1n/BfehGW9DChEt8mYKoGqMet5Dir/iQ90+m/GrpJM4bQ
+fiSoTm6q/MJPWNsv9TRMkSBSy4BBwQWuZnnDBRmJptWiRI8k2gqr+gTGUTk8H/vD
+zUJ41ljjM9ew367aslLt8bp7H7s+JBLi60F9PnnMJ+fZJpdB2trRvzwp0gWN1kEy
+VQUydSEV1yLT/rFkFcm8gRceTlh2yb3CPbZDMF/CExNahnxFaibKYtXd7J26jHKN
+TbSPO7Rm6e3AcyLZMxyyC4PcU975Bg22HThZFEYDCYLyZuc4zCHxnWFmtEhEc/Vn
+AHEaW9ECgYEA4nDLUHt7y6HUUr/TJo5fNJ5Jc/yK+2J/brUmVBiL49j+rvpqfq8A
+1ozT6Ga6I+PjRhA+CvrjfCG7wUi71rjx1QGThCGUrko7VYG/Un3jus1dem/PR/nq
+Tt27GTalmwCIjrHxUH6CTv4uOKdd7LlEXNqyqq2UbGShOai0xsOPr2cCgYEA4GJI
+vohNsuhfjA7K+PdJ3BmRtC5WIUZYthT86//vumn4AURmUJvWc5+q0cC6tPM01HIH
+BqO/ZFPD7p9GIh9ZbDWsEL5A4r3sLT2vFk3MV9iwiqb0WpZbg9KVuhNOaZ47JKFR
+YxpaHcLUdcDXvrqz+o/l2ITG5x/FFkMQlRiNMfsCgYEA2R15dEPSIR+bq3QOCyv7
+kUIr/7Anun1o3keG5p9aki8fk7q7nZhC33TMQkstMvhwlF9Cfditgfn+Qodww6M1
+DR2jyc9A9hRq68OqJHhcgGIkvR6zyrmPterYWIaTJxnN1bQ8Qwfp/b+tpdikMDQ7
+niR7pzcj1wJtrBFctDASdwUCgYEAxCUGZA/wo+k/xMYVpic9WHq9hJ1Qy0ucNqcI
+JSEYpYMGuczaB7MCdxZnE25/h7hmQSPggmxX3VLgHtL6Us/GsrIEVKqLO+o775xR
+VpTxgQU55iplxl5TZ1uJaRyBWhBosO+XnqMljYiHgtvtfJvmwqxRhsEiwl1iQsCj
+WUIaA0sCgYAuRXM1HmWzAfCpANJVWyjswr9Zg4KjCC2QSM2XOGaTISyNPyKyQ3Yf
++xz41ggx6uss1oyyYTXkZ+mGsJJ3fFZWG3k/w0tZwMhS9RzFd1qJTrMqXy+MeCG1
+nb2nTEYNih5Yq5A+ZzYWhSZ7qAZP0oFdtb6TaR8ke3SYFpJqZzvD7g==
-----END RSA PRIVATE KEY-----
--
2.17.2
_______________________________________________
Spice-devel mailing list
https://lists.freedesktop.org/mailman/listinfo/spice-devel
Daniel P. Berrangé
2018-12-06 15:41:49 UTC
Permalink
Post by Christophe Fergeau
Post by Frediano Ziglio
This changes tests/pki/server-cert.pem and tests/pki/ca-cert.pem to have
2048 bits. These certificates were generated using the
instructions on https://www.spice-space.org/spice-user-manual.html
The -subj args were omitted, and the defaults suggested by openssl used.
The -days parameter was changed to -days 10950, the bits to 2048.
This fixes https://gitlab.freedesktop.org/spice/spice/issues/27.
I would add in the commit log that some distros are starting to use
stricter settings for their openssl configuration, which forbids 2048 bit
keys, and causes test suite failures.
Is it possible for apps using openssl to override the default crypto
algorithm configuration ? If so, the tests could set an explicit
config so they run under a predictable setup that's known to be
compatible with the certs that are hardcoded. This is how we dealt
with the same problem in QEMU & libvirt using gnutls, so we don't
have to play cat+mouse in the future as crypto settings change again
in distros.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Frediano Ziglio
2018-12-07 10:57:35 UTC
Permalink
Post by Daniel P. Berrangé
Post by Christophe Fergeau
Post by Frediano Ziglio
This changes tests/pki/server-cert.pem and tests/pki/ca-cert.pem to have
2048 bits. These certificates were generated using the
instructions on https://www.spice-space.org/spice-user-manual.html
The -subj args were omitted, and the defaults suggested by openssl used.
The -days parameter was changed to -days 10950, the bits to 2048.
This fixes https://gitlab.freedesktop.org/spice/spice/issues/27.
I would add in the commit log that some distros are starting to use
stricter settings for their openssl configuration, which forbids 2048 bit
keys, and causes test suite failures.
Is it possible for apps using openssl to override the default crypto
algorithm configuration ? If so, the tests could set an explicit
config so they run under a predictable setup that's known to be
compatible with the certs that are hardcoded. This is how we dealt
with the same problem in QEMU & libvirt using gnutls, so we don't
have to play cat+mouse in the future as crypto settings change again
in distros.
Regards,
Daniel
Try to have a look at OpenSSL. Yes, is possible to change the default.
However the same function that load the certificates also create OpenSSL
context (which would need to be set) so this requires a bit of code change.
I don't think the cat+mouse work is so expensive.

Frediano

Loading...