| #
ef07452a |
| 23-Dec-2022 |
Paul Howarth |
tests: avoid use of sha1 in certificates
The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RH
tests: avoid use of sha1 in certificates
The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RHEL-9 and derivatives, which are not willing to use certificates using
that algorithm. The fix is to use sha256 instead, which is already used
for most of the other certificates in the test suite.
Fixes #10135
This gets rid of issues related to sha1 signatures.
Manual steps after "make clean-certs" and "make build-certs":
- Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
(make clean-certs does not remove the original tests/stunnel.pem)
- Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
options of tests/data/test2041 and tests/data/test2087
Closes #10153
show more ...
|
| #
f7029718 |
| 25-Nov-2022 |
Stefan Eissing |
tests: add authorityInfoAccess to generated certs
Generate stunnel.pem as well
Closes #9980
|
|
Revision tags: curl-7_76_1, curl-7_76_0, curl-7_75_0, curl-7_74_0, curl-7_73_0, tiny-curl-7_72_0, curl-7_72_0, curl-7_71_1, curl-7_71_0, curl-7_70_0, curl-7_69_1, curl-7_69_0, curl-7_68_0, curl-7_67_0, curl-7_66_0, curl-7_65_3, curl-7_65_2, curl-7_65_1, curl-7_65_0, curl-7_64_1, curl-7_64_0, curl-7_63_0, curl-7_62_0, curl-7_61_1, curl-7_61_0, curl-7_60_0, curl-7_59_0, curl-7_58_0, curl-7_57_0, curl-7_56_1, curl-7_56_0, curl-7_55_1, curl-7_55_0, curl-7_54_1, curl-7_54_0, curl-7_53_1, curl-7_53_0, curl-7_52_1, curl-7_52_0, curl-7_51_0, curl-7_50_3, curl-7_50_2, curl-7_50_1, curl-7_50_0, curl-7_49_1, curl-7_49_0, curl-7_48_0, curl-7_47_1, curl-7_47_0, curl-7_46_0, curl-7_45_0, curl-7_44_0, curl-7_43_0, curl-7_42_1, curl-7_42_0 |
|
| #
f9251a5c |
| 21-Mar-2015 |
Dan Fandrich |
tests/certs: rebuild certificates with modified key usage bits
The certificates were missing the digitalSignature and keyAgreement
usage types, of which at least digitalSignature was che
tests/certs: rebuild certificates with modified key usage bits
The certificates were missing the digitalSignature and keyAgreement
usage types, of which at least digitalSignature was checked by CyaSSL.
This caused the test server in test 310 (among others) to fail the
startup verification and therefore run (see
http://curl.haxx.se/mail/lib-2014-07/0303.html).
show more ...
|
|
Revision tags: curl-7_41_0, curl-7_40_0, curl-7_39_0, curl-7_38_0, curl-7_37_1, curl-7_37_0, curl-7_36_0, curl-7_35_0, curl-7_34_0, curl-7_33_0, curl-7_32_0, curl-7_31_0, curl-7_30_0, curl-7_29_0, curl-7_28_1, curl-7_28_0, curl-7_27_0, curl-7_26_0, curl-7_25_0, curl-7_24_0, curl-7_23_1, curl-7_23_0, curl-7_22_0, curl-7_21_7, curl-7_21_6, curl-7_21_5, curl-7_21_4, curl-7_21_3, curl-7_21_2, curl-7_21_1, curl-7_21_0 |
|
| #
99179da4 |
| 27-May-2010 |
Kamil Dudka |
tests/certs: re-generated because of lost pass-phrase
|
|
Revision tags: curl-7_20_1, curl-7_20_0, curl-7_19_7, curl-7_19_6 |
|
| #
e73fe837 |
| 11-Aug-2009 |
Daniel Stenberg |
- Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
verification of cert names etc. This made
- Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
verification of cert names etc. This made an error show up in the OpenSSL-
specific code where it would attempt to match the CN field even if a
subjectAltName exists that doesn't match. This is now fixed and verified
in test 311.
show more ...
|
