On Wed, Oct 3, 2018 at 1:32 PM Michael Paquier <mich...@paquier.xyz> wrote: > On Mon, Oct 01, 2018 at 09:18:01PM +0900, Kyotaro HORIGUCHI wrote: > > The attached second patch just changes key size to 2048 bits and > > "ee key too small" are eliminated in 001_ssltests_master, but > > instead I got "ca md too weak" error. This is eliminated by using > > sha256 instead of sha1 in cas.config. (third attached) > > I find your suggestion quite tempting at the end instead of having to > tweak the global system's configuration. That should normally work with > any configuration. This would require regenerating the certs in the > tree. Any thoughts from others?
I don't really have opinion here, but I wanted to point out that src/test/ldap/t/001_auth.pl creates new certs on the fly, which is a bit inconsistent with the SSL test's approach of certs-in-the-tree. Which is better? -- Thomas Munro http://www.enterprisedb.com
