diff options
| author | Jeff King <peff@peff.net> | 2023-02-01 11:39:26 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2023-02-01 18:10:34 (GMT) |
| commit | b08edf709dfcd79c3691370930cd89c4b9b16d2f (patch) | |
| tree | 3029da43bb055b228c9500905d9e002ffb4a434c /t | |
| parent | d113449e265d1914e55f67f0e14e26a8d784b987 (diff) | |
| download | git-b08edf709dfcd79c3691370930cd89c4b9b16d2f.zip git-b08edf709dfcd79c3691370930cd89c4b9b16d2f.tar.gz git-b08edf709dfcd79c3691370930cd89c4b9b16d2f.tar.bz2 | |
t/lib-httpd: increase ssl key size to 2048 bits
Recent versions of openssl will refuse to work with 1024-bit RSA keys,
as they are considered insecure. I didn't track down the exact version
in which the defaults were tightened, but the Debian-package openssl 3.0
on my system yields:
$ LIB_HTTPD_SSL=1 ./t5551-http-fetch-smart.sh -v -i
[...]
SSL Library Error: error:0A00018F:SSL routines::ee key too small
1..0 # SKIP web server setup failed
This could probably be overcome with configuration, but that's likely
to be a headache (especially if it requires touching /etc/openssl).
Let's just pick a key size that's less outrageously out of date.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't')
| -rw-r--r-- | t/lib-httpd/ssl.cnf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/t/lib-httpd/ssl.cnf b/t/lib-httpd/ssl.cnf index 6dab257..812e825 100644 --- a/t/lib-httpd/ssl.cnf +++ b/t/lib-httpd/ssl.cnf @@ -1,7 +1,7 @@ RANDFILE = $ENV::RANDFILE_PATH [ req ] -default_bits = 1024 +default_bits = 2048 distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] |