brainy commented on code in PR #7:
URL: https://github.com/apache/serf/pull/7#discussion_r2154984025
##########
test/certs/create_certs.py:
##########
@@ -73,18 +73,18 @@ def create_crl(revokedcert, cakey, cacert, crlfile,
next_crl_days=VALID_DAYS):
now = datetime.utcnow()
now_str = now.strftime('%Y%m%d%H%M%SZ')
- revoked.set_serial(serial_number)
- revoked.set_reason('unspecified')
- revoked.set_rev_date(now_str) # revoked as of now
+ revoked.set_serial(serial_number.encode('ascii'))
+ revoked.set_reason(b'unspecified')
+ revoked.set_rev_date(now_str.encode('ascii')) # revoked as of now
crl.add_revoked(revoked)
try:
- exported = crl.export(cacert, cakey, days=next_crl_days, digest=b"md5")
+ exported = crl.export(cacert, cakey, days=next_crl_days,
digest=b"sha256")
except TypeError:
Review Comment:
RIght. There are two completely unrelated changes here: The MD5 -> SHA256
change + regenerate all certificates; and the Py3-compat change. These should
be split in two commits.
Regarding the change to create_certs.py, I also recommend setting the
notBefore and notAfter dates explicitly to "Oct 4 22:44:52 2021 GMT" and "Sep
10 22:44:52 2121 GMT" and regenerate the certs (whiles still using MD5). This
is a sanity check: the certificates should not change at all, and the related
changes in test_ssl.c should not be necessary. The cert fingerprint should only
change when you update to SHA-256.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@serf.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
