Web browsers are moving away from supporting MD5 in certificates. Should we
also move to more secure hashes in our tests?

On Fri, Nov 2, 2018 at 8:11 AM, <br...@apache.org> wrote:

> Author: brane
> Date: Fri Nov  2 07:11:48 2018
> New Revision: 1845542
>
> URL: http://svn.apache.org/viewvc?rev=1845542&view=rev
> Log:
> * test/certs/create_certs.py (create_crl): Support versions of PyOpenSSL
> that
>    require that the digest parameter is set explicitly in crl.export().
>
> Suggested by: jamessan
>
> Modified:
>     serf/trunk/test/certs/create_certs.py
>
> Modified: serf/trunk/test/certs/create_certs.py
> URL: http://svn.apache.org/viewvc/serf/trunk/test/certs/create_
> certs.py?rev=1845542&r1=1845541&r2=1845542&view=diff
> ============================================================
> ==================
> --- serf/trunk/test/certs/create_certs.py (original)
> +++ serf/trunk/test/certs/create_certs.py Fri Nov  2 07:11:48 2018
> @@ -78,7 +78,13 @@ def create_crl(revokedcert, cakey, cacer
>      revoked.set_rev_date(now_str)   # revoked as of now
>
>      crl.add_revoked(revoked)
> -    open(crlfile, "wt").write(crl.export(cacert, cakey,
> days=next_crl_days))
> +    try:
> +        exported = crl.export(cacert, cakey, days=next_crl_days,
> digest=b"md5")
> +    except TypeError:
> +        # Some very old versions of pyopenssl (such as the one on macOS)
> +        # do not support the 'digest' keyword argument.
> +        exported = crl.export(cacert, cakey, days=next_crl_days)
> +    open(crlfile, "wt").write(exported)
>
>  # subjectAltName
>  def create_cert(subjectkey, certfile, issuer=None, issuerkey=None,
> country='',
>
>
>
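
Review bot: digest=b"md5" in the new crl.export() call pins the test CRL's signature to MD5. Since the argument now has to be passed explicitly anyway, consider a stronger digest such as b"sha256" here. The except TypeError fallback then exports with whatever digest the old library defaults to, so the generated CRL's signature algorithm depends on the installed PyOpenSSL version, and the handler would also swallow a TypeError raised for any other reason in that call. A comment stating which digest the tests expect would help. Separately, open(crlfile, "wt").write(exported) never closes the file explicitly; a with block would do that deterministically.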
