
Revision 1901936


Author: kotkov
Date: Wed Jun 15 13:20:10 2022 UTC (23 months, 1 week ago)
Changed paths: 4
Log Message:
Update test certificates

1. cacert_nul.pem
2. servercert_cn_nul.pem
3. servercert_cnsan_nul.pem
4. servercert_san_nul.pem

to SHA256 from SHA1.

- It's consistent with all other test certificates created by create_certs.py.
- It's more realistic. Certificates signed using SHA1 are considered insecure
  and are not supported by modern browsers.
- It will be useful for future support of OpenSSL 3.0, where certificates
  signed using SHA1 are not allowed at default security level [1]:

[[[
X509 certificates signed using SHA1 are no longer allowed at security level 1
and above.

In TLS/SSL the default security level is 1. It can be set either using the
cipher string with @SECLEVEL, or calling SSL_CTX_set_security_level(3). If the
leaf certificate is signed with SHA-1, a call to SSL_CTX_use_certificate(3)
will fail if the security level is not lowered first.
]]]

[1] https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Patch by: Denis Kovalchuk <denis.kovalchuk{_AT_}visualsvn.com>

* test/certs/cacert_nul.pem,
  test/certs/servercert_cn_nul.pem,
  test/certs/servercert_cnsan_nul.pem,
  test/certs/servercert_san_nul.pem: Sign using SHA256 instead of SHA1.


Changed paths

Path: Details
serf/trunk/test/certs/cacert_nul.pem: modified, text changed
serf/trunk/test/certs/servercert_cn_nul.pem: modified, text changed
serf/trunk/test/certs/servercert_cnsan_nul.pem: modified, text changed
serf/trunk/test/certs/servercert_san_nul.pem: modified, text changed
