undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

t/lib-httpd: increase ssl key size to 2048 bits

Browse Source 
Recent versions of openssl will refuse to work with 1024-bit RSA keys,
as they are considered insecure. I didn't track down the exact version
in which the defaults were tightened, but the Debian-package openssl 3.0
on my system yields:

  $ LIB_HTTPD_SSL=1 ./t5551-http-fetch-smart.sh -v -i
  [...]
  SSL Library Error: error:0A00018F:SSL routines::ee key too small
  1..0 # SKIP web server setup failed

This could probably be overcome with configuration, but that's likely
to be a headache (especially if it requires touching /etc/openssl).
Let's just pick a key size that's less outrageously out of date.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Jeff King 2023-02-01 06:39:26 -05:00 committed by Junio C Hamano
parent d113449e26
commit b08edf709d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
t/lib-httpd/ssl.cnf
View File

@ -1,7 +1,7 @@
RANDFILE = $ENV::RANDFILE_PATH
[ req ]
default_bits = 1024
default_bits = 2048
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]