#
1ccdad64 |
| 27-Jun-2024 |
Viktor Szakats |
CI: add whitespace checker Fix issues detected. Also: - One of the `.vc` files used LF EOLs, while the other didn't. Make that one also use LF EOLs, as this is appare
CI: add whitespace checker Fix issues detected. Also: - One of the `.vc` files used LF EOLs, while the other didn't. Make that one also use LF EOLs, as this is apparently supported by `nmake`. - Drop `.dsw` and `.btn` types from `.gitattributes`. The repository doesn't use them. - Sync section order with the rest of files in `tests/certs/EdelCurlRoot-ca.prm`. - Indent/align `.prm` and `.pem` files. - Delete dummy `[something]` section from `.prm` and `.pem` files. Mental note: MSVC `.sln` files seem to accept spaces for indentation and also support LF line-endings. I cannot test this and I don't know what's more convenient when updating them, so left them as-is, with specific exclusions. Closes #14031
show more ...
|
#
ef07452a |
| 23-Dec-2022 |
Paul Howarth |
tests: avoid use of sha1 in certificates The SHA-1 algorithm is deprecated (particularly for security-sensitive applications) in a variety of OS environments. This already affects RH
tests: avoid use of sha1 in certificates The SHA-1 algorithm is deprecated (particularly for security-sensitive applications) in a variety of OS environments. This already affects RHEL-9 and derivatives, which are not willing to use certificates using that algorithm. The fix is to use sha256 instead, which is already used for most of the other certificates in the test suite. Fixes #10135 This gets rid of issues related to sha1 signatures. Manual steps after "make clean-certs" and "make build-certs": - Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem (make clean-certs does not remove the original tests/stunnel.pem) - Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey options of tests/data/test2041 and tests/data/test2087 Closes #10153
show more ...
|
#
f7029718 |
| 25-Nov-2022 |
Stefan Eissing |
tests: add authorityInfoAccess to generated certs Generate stunnel.pem as well Closes #9980
|
Revision tags: curl-7_76_1, curl-7_76_0, curl-7_75_0, curl-7_74_0, curl-7_73_0, tiny-curl-7_72_0, curl-7_72_0, curl-7_71_1, curl-7_71_0, curl-7_70_0, curl-7_69_1, curl-7_69_0, curl-7_68_0, curl-7_67_0, curl-7_66_0, curl-7_65_3, curl-7_65_2, curl-7_65_1, curl-7_65_0, curl-7_64_1, curl-7_64_0, curl-7_63_0, curl-7_62_0 |
|
#
ba782baa |
| 19-Sep-2018 |
Daniel Stenberg |
certs: generate tests certs with sha256 digest algorithm As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs: "SSL certificate problem: CA signature digest algorithm too weak"
certs: generate tests certs with sha256 digest algorithm As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs: "SSL certificate problem: CA signature digest algorithm too weak" Closes #3014
show more ...
|
#
92f9db17 |
| 10-Sep-2018 |
Yiming Jing |
tests/certs: rebuild certs with 2048-bit RSA keys The previous test certificates contained RSA keys of only 1024 bits. However, RSA claims that 1024-bit RSA keys are likely to become
tests/certs: rebuild certs with 2048-bit RSA keys The previous test certificates contained RSA keys of only 1024 bits. However, RSA claims that 1024-bit RSA keys are likely to become crackable some time before 2010. The NIST recommends at least 2048-bit keys for RSA for now. Better use full 2048 also for testing. Closes #2973
show more ...
|
Revision tags: curl-7_61_1, curl-7_61_0, curl-7_60_0, curl-7_59_0, curl-7_58_0, curl-7_57_0, curl-7_56_1, curl-7_56_0, curl-7_55_1, curl-7_55_0, curl-7_54_1, curl-7_54_0, curl-7_53_1, curl-7_53_0, curl-7_52_1, curl-7_52_0, curl-7_51_0, curl-7_50_3, curl-7_50_2, curl-7_50_1, curl-7_50_0, curl-7_49_1, curl-7_49_0, curl-7_48_0, curl-7_47_1, curl-7_47_0, curl-7_46_0, curl-7_45_0, curl-7_44_0, curl-7_43_0, curl-7_42_1, curl-7_42_0 |
|
#
f9251a5c |
| 21-Mar-2015 |
Dan Fandrich |
tests/certs: rebuild certificates with modified key usage bits The certificates were missing the digitalSignature and keyAgreement usage types, of which at least digitalSignature was che
tests/certs: rebuild certificates with modified key usage bits The certificates were missing the digitalSignature and keyAgreement usage types, of which at least digitalSignature was checked by CyaSSL. This caused the test server in test 310 (among others) to fail the startup verification and therefore run (see http://curl.haxx.se/mail/lib-2014-07/0303.html).
show more ...
|
Revision tags: curl-7_41_0, curl-7_40_0, curl-7_39_0, curl-7_38_0, curl-7_37_1, curl-7_37_0, curl-7_36_0, curl-7_35_0, curl-7_34_0, curl-7_33_0, curl-7_32_0, curl-7_31_0, curl-7_30_0, curl-7_29_0, curl-7_28_1, curl-7_28_0, curl-7_27_0, curl-7_26_0, curl-7_25_0, curl-7_24_0, curl-7_23_1, curl-7_23_0, curl-7_22_0, curl-7_21_7, curl-7_21_6, curl-7_21_5, curl-7_21_4, curl-7_21_3, curl-7_21_2, curl-7_21_1, curl-7_21_0 |
|
#
99179da4 |
| 27-May-2010 |
Kamil Dudka |
tests/certs: re-generated because of lost pass-phrase
|
Revision tags: curl-7_20_1, curl-7_20_0 |
|
#
4d922545 |
| 28-Nov-2009 |
Yang Tse |
- Added Diffie-Hellman parameters to several test harness certificate files in PEM format. Required by several stunnel versions used by our test harness.
|
Revision tags: curl-7_19_7, curl-7_19_6 |
|
#
e73fe837 |
| 11-Aug-2009 |
Daniel Stenberg |
- Peter Sylvester made the HTTPS test server use specific certificates for each test, so that the test suite can now be used to actually test the verification of cert names etc. This made
- Peter Sylvester made the HTTPS test server use specific certificates for each test, so that the test suite can now be used to actually test the verification of cert names etc. This made an error show up in the OpenSSL- specific code where it would attempt to match the CN field even if a subjectAltName exists that doesn't match. This is now fixed and verified in test 311.
show more ...
|