authorChristian Heimes <christian@python.org>2018-08-14 14:53:04 (GMT)
committerGitHub <noreply@github.com>2018-08-14 14:53:04 (GMT)
commit1f34aece28d143edb94ca202e661364ca394dc8c (patch)
treebdd278e48bcb0ae77f00a045dfa7e99ef4ba9380 /Lib/test/test_ssl.py
parentd1c5e278a1a2458bc5efcdc300c17f9e39a59b6c (diff)
[2.7] bpo-34399: 2048 bits RSA keys and DH params (GH-8762) (GH-8765)
Downstream vendors have started to deprecate weak keys. Update all RSA keys and DH params to use at least 2048 bits. The finite field DH param file uses RFC 7919 values, generated with certtool --get-dh-params --sec-param=high. Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit 88bfd0bce05043f658e50addd21366f317995e35) Co-authored-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Lib/test/test_ssl.py')
-rw-r--r--Lib/test/test_ssl.py14
1 files changed, 7 insertions, 7 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 7ced90f..7d06dc5 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -73,7 +73,7 @@ BADKEY = data_file("badkey.pem")
NOKIACERT = data_file("nokia.pem")
NULLBYTECERT = data_file("nullbytecert.pem")
-DHFILE = data_file("dh1024.pem")
+DHFILE = data_file("ffdh3072.pem")
BYTES_DHFILE = DHFILE.encode(sys.getfilesystemencoding())
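Review bot: The new `DHFILE` value carries no comment saying why this parameter file was chosen, so a later edit could swap in a weaker one without anyone noticing. The commit message states that the file holds RFC 7919 values and that all DH params should be at least 2048 bits. I would record that next to the constant, e.g. `# RFC 7919 finite-field DH params; keep at 2048 bits or more`.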
@@ -201,9 +201,9 @@ class BasicSocketTests(unittest.TestCase):
(('commonName', 'localhost'),))
)
# Note the next three asserts will fail if the keys are regenerated
- self.assertEqual(p['notAfter'], asn1time('Oct 5 23:01:56 2020 GMT'))
- self.assertEqual(p['notBefore'], asn1time('Oct 8 23:01:56 2010 GMT'))
- self.assertEqual(p['serialNumber'], 'D7C7381919AFC24E')
+ self.assertEqual(p['notAfter'], asn1time('Jan 17 19:09:06 2028 GMT'))
+ self.assertEqual(p['notBefore'], asn1time('Jan 19 19:09:06 2018 GMT'))
+ self.assertEqual(p['serialNumber'], 'F9BA076D5B6ABD9B')
self.assertEqual(p['subject'],
((('countryName', 'XY'),),
(('localityName', 'Castle Anthrax'),),
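Review bot: The three pinned values on the changed assert lines tie the test to one specific certificate, and the existing comment does not say that the new `notAfter` falls in January 2028. I would extend the comment to something like `# Values come from the checked-in test certificate (expires Jan 2028); update all three asserts together when it is regenerated`. The certificate being decoded is named outside the hunk, so its file name would have to be taken from there. The enclosing test method starts and ends outside the hunk.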
@@ -2211,10 +2211,10 @@ else:
connect to it with a wrong client certificate fails.
"""
certfile = os.path.join(os.path.dirname(__file__) or os.curdir,
- "wrongcert.pem")
- server = ThreadedEchoServer(CERTFILE,
+ "keycert.pem")
+ server = ThreadedEchoServer(SIGNED_CERTFILE,
certreqs=ssl.CERT_REQUIRED,
- cacerts=CERTFILE, chatty=False,
+ cacerts=SIGNING_CA, chatty=False,
connectionchatty=False)
with server, \
closing(socket.socket()) as sock, \
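Review bot: With the client now presenting `keycert.pem` and the server trusting only `SIGNING_CA`, the premise that this is a "wrong" certificate is implicit: it holds only as long as that certificate is not issued by the signing CA, which the hunk does not show. A comment above `certfile` would make the dependency explicit, e.g. `# keycert.pem is not issued by SIGNING_CA, so the server must reject it`. The path is also built by hand although the module has `data_file(...)`; `certfile = data_file("keycert.pem")` would presumably resolve to the same file and match the constants at the top of the module. The rest of the test, including how the rejection is asserted, lies outside the hunk.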