diff options
author | Christian Heimes <christian@python.org> | 2018-08-30 05:25:49 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-30 05:25:49 (GMT) |
commit | e6dac0077996b1e1f886f036d6f2606237fa4c85 (patch) | |
tree | 46a22b8c07d1bbff18de4543ff0c5dbfcf7485c3 /Lib/test/make_ssl_certs.py | |
parent | 0382406fccbb31aa993de118b60e7fd4ec264968 (diff) | |
download | cpython-e6dac0077996b1e1f886f036d6f2606237fa4c85.zip cpython-e6dac0077996b1e1f886f036d6f2606237fa4c85.tar.gz cpython-e6dac0077996b1e1f886f036d6f2606237fa4c85.tar.bz2 |
bpo-34542: Update test certs and keys (GH-8997)
Update all test certs and keys to use future proof crypto settings:
* 3072 bit RSA keys
* SHA-256 signature
Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Lib/test/make_ssl_certs.py')
-rw-r--r-- | Lib/test/make_ssl_certs.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Lib/test/make_ssl_certs.py b/Lib/test/make_ssl_certs.py index b908c40..3622765 100644 --- a/Lib/test/make_ssl_certs.py +++ b/Lib/test/make_ssl_certs.py @@ -69,7 +69,7 @@ req_template = """ dir = cadir database = $dir/index.txt crlnumber = $dir/crl.txt - default_md = sha1 + default_md = sha256 default_days = 3600 default_crl_days = 3600 certificate = pycacert.pem @@ -108,7 +108,7 @@ here = os.path.abspath(os.path.dirname(__file__)) def make_cert_key(hostname, sign=False, extra_san='', - ext='req_x509_extensions_full', key='rsa:2048'): + ext='req_x509_extensions_full', key='rsa:3072'): print("creating cert for " + hostname) tempnames = [] for i in range(3): @@ -174,7 +174,7 @@ def make_ca(): t.flush() with tempfile.NamedTemporaryFile() as f: args = ['req', '-new', '-days', '3650', '-extensions', 'v3_ca', '-nodes', - '-newkey', 'rsa:2048', '-keyout', 'pycakey.pem', + '-newkey', 'rsa:3072', '-keyout', 'pycakey.pem', '-out', f.name, '-subj', '/C=XY/L=Castle Anthrax/O=Python Software Foundation CA/CN=our-ca-server'] check_call(['openssl'] + args) |