| #
ef07452a |
| 23-Dec-2022 |
Paul Howarth |
tests: avoid use of sha1 in certificates
The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RH
tests: avoid use of sha1 in certificates
The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RHEL-9 and derivatives, which are not willing to use certificates using
that algorithm. The fix is to use sha256 instead, which is already used
for most of the other certificates in the test suite.
Fixes #10135
This gets rid of issues related to sha1 signatures.
Manual steps after "make clean-certs" and "make build-certs":
- Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
(make clean-certs does not remove the original tests/stunnel.pem)
- Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
options of tests/data/test2041 and tests/data/test2087
Closes #10153
show more ...
|
| #
f7029718 |
| 25-Nov-2022 |
Stefan Eissing |
tests: add authorityInfoAccess to generated certs
Generate stunnel.pem as well
Closes #9980
|
|
Revision tags: curl-7_76_1, curl-7_76_0, curl-7_75_0, curl-7_74_0, curl-7_73_0, tiny-curl-7_72_0, curl-7_72_0, curl-7_71_1, curl-7_71_0, curl-7_70_0, curl-7_69_1, curl-7_69_0, curl-7_68_0, curl-7_67_0, curl-7_66_0, curl-7_65_3, curl-7_65_2, curl-7_65_1, curl-7_65_0, curl-7_64_1, curl-7_64_0, curl-7_63_0, curl-7_62_0 |
|
| #
92f9db17 |
| 10-Sep-2018 |
Yiming Jing |
tests/certs: rebuild certs with 2048-bit RSA keys
The previous test certificates contained RSA keys of only 1024 bits.
However, RSA claims that 1024-bit RSA keys are likely to become
tests/certs: rebuild certs with 2048-bit RSA keys
The previous test certificates contained RSA keys of only 1024 bits.
However, RSA claims that 1024-bit RSA keys are likely to become
crackable some time before 2010. The NIST recommends at least 2048-bit
keys for RSA for now.
Better use full 2048 also for testing.
Closes #2973
show more ...
|
|
Revision tags: curl-7_61_1, curl-7_61_0, curl-7_60_0, curl-7_59_0, curl-7_58_0, curl-7_57_0, curl-7_56_1, curl-7_56_0, curl-7_55_1, curl-7_55_0, curl-7_54_1, curl-7_54_0, curl-7_53_1, curl-7_53_0, curl-7_52_1, curl-7_52_0, curl-7_51_0, curl-7_50_3, curl-7_50_2, curl-7_50_1, curl-7_50_0, curl-7_49_1, curl-7_49_0, curl-7_48_0, curl-7_47_1, curl-7_47_0, curl-7_46_0, curl-7_45_0, curl-7_44_0, curl-7_43_0, curl-7_42_1, curl-7_42_0, curl-7_41_0, curl-7_40_0, curl-7_39_0, curl-7_38_0, curl-7_37_1, curl-7_37_0, curl-7_36_0 |
|
| #
b5486adc |
| 22-Feb-2014 |
Marc Hoersken |
stunnel: regenerated self-signed test certificate with SHA1 hash
The previous test certificate contained a MD5 hash which is not
supported using TLSv1.2 with Schannel on Windows 7 or new
stunnel: regenerated self-signed test certificate with SHA1 hash
The previous test certificate contained a MD5 hash which is not
supported using TLSv1.2 with Schannel on Windows 7 or newer.
See the update to this blog post on IEInternals / MSDN:
http://blogs.msdn.com/b/ieinternals/archive/2011/03/25/
misbehaving-https-servers-impair-tls-1.1-and-tls-1.2.aspx
"Update: If the server negotiates a TLS1.2 connection with a
Windows 7 or 8 schannel.dll-using client application, and it
provides a certificate chain which uses the (weak) MD5 hash
algorithm, the client will abort the connection (TCP/IP FIN)
upon receipt of the certificate."
show more ...
|
|
Revision tags: curl-7_35_0, curl-7_34_0, curl-7_33_0, curl-7_32_0, curl-7_31_0, curl-7_30_0, curl-7_29_0, curl-7_28_1, curl-7_28_0, curl-7_27_0, curl-7_26_0, curl-7_25_0 |
|
| #
e277d3b5 |
| 25-Jan-2012 |
Yang Tse |
test harness: update stunnel.pem Diffie-Hellman parameters from 512 to 1024 bit
|
|
Revision tags: curl-7_24_0, curl-7_23_1, curl-7_23_0, curl-7_22_0, curl-7_21_7, curl-7_21_6, curl-7_21_5, curl-7_21_4, curl-7_21_3, curl-7_21_2, curl-7_21_1, curl-7_21_0, curl-7_20_1, curl-7_20_0, curl-7_19_7, curl-7_19_6, curl-7_19_5, curl-7_19_4, curl-7_19_3, curl-7_19_2, curl-7_19_1, curl-7_19_0, curl-7_18_2, curl-7_18_1, curl-7_18_0, curl-7_17_1, curl-7_17_0, curl-7_17_0-preldapfix, curl-7_16_4, curl-7_16_3 |
|
| #
e3dab1be |
| 14-Apr-2007 |
Daniel Stenberg |
jayjwa added the "DH PARAMETERS" to make this work with recent stunnels
|
|
Revision tags: curl-7_16_2, curl-7_16_1, curl-7_16_0, curl-7_15_6-prepipeline, curl-7_15_5, curl-7_15_4, curl-7_15_3, curl-7_15_2, curl-7_15_1, curl-7_15_0, curl-7_14_1, c-ares-1_3_0, curl-7_14_0, curl-7_13_2, curl-7_13_1, before_ftp_statemachine, curl-7_13_0, curl-7_12_3, curl-7_12_2, curl-7_12_1, pre-aifix, curl-7_12_0, curl-7_11_2, c-ares-1_2_0, curl-7_11_1, curl-7_11_0 |
|
| #
3a61c98b |
| 12-Jan-2004 |
Daniel Stenberg |
Peter Sylvester brought code that now allows a callback to modified the URL
even when the multi interface is used, and then libcurl will simulate a
"follow location" to that new URL. Test 509
Peter Sylvester brought code that now allows a callback to modified the URL
even when the multi interface is used, and then libcurl will simulate a
"follow location" to that new URL. Test 509 was added to test this feature.
show more ...
|
|
Revision tags: curl-7_10_8, curl-7_10_7, curl-7_10_6, curl-7_10_5, curl-7_10_4, curl-7_10_3, curl-7_10_2, curl-7_10_1, curl-7_10, curl-7_9_8, curl-7_9_7, curl-7_9_7-pre2, curl-7_9_6, curl-7_9_5, curl-7_9_5-pre4, curl-7_9_5-pre2, curl-7_9_4, curl-7_9_3, curl-7_9_3-pre3, curl-7_9_3-pre2, curl-7_9_3-pre1, pre-host-cache, curl-7_9_2, curl-7_9_1, curl-7_9, Curl_easy_1-1-8 |
|
| #
0db04c4f |
| 17-Sep-2001 |
Daniel Stenberg |
added stunnel PEM
|
