Re: [PATCH spice-server] tests/pki: Use CA/certificate valid until 2048 and with 2048 bits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Dec 04, 2018 at 01:19:31PM +0000, Frediano Ziglio wrote:
> This changes tests/pki/server-cert.pem and tests/pki/ca-cert.pem to have
> 2048 bits. These certificates were generated using the
> instructions on https://www.spice-space.org/spice-user-manual.html
> The -subj args were omitted, and the defaults suggested by openssl used.
> The -days parameter was changed to -days 10950, the bits to 2048.
> 
> This fixes https://gitlab.freedesktop.org/spice/spice/issues/27.

I would add in the commit log that some distros are starting to use
stricter settings for their openssl configuration, which forbids 2048 bit
keys, and causes test suite failures.

Apart from this,
Acked-by: Christophe Fergeau <cfergeau@xxxxxxxxxx>

Christophe

> 
> Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
> ---
>  server/tests/pki/ca-cert.pem     | 27 ++++++++++++++---------
>  server/tests/pki/server-cert.pem | 23 +++++++++++--------
>  server/tests/pki/server-key.pem  | 38 +++++++++++++++++++++-----------
>  3 files changed, 55 insertions(+), 33 deletions(-)
> 
> diff --git a/server/tests/pki/ca-cert.pem b/server/tests/pki/ca-cert.pem
> index caa9312e..2e40da24 100644
> --- a/server/tests/pki/ca-cert.pem
> +++ b/server/tests/pki/ca-cert.pem
> @@ -1,15 +1,20 @@
>  -----BEGIN CERTIFICATE-----
> -MIICUjCCAbugAwIBAgIJAKM/WOQQB3iqMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
> +MIIDWjCCAkKgAwIBAgIJAILhGzNuNWQHMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
>  BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
> -Q29tcGFueSBMdGQwHhcNMTcwMzIzMTA0MDEwWhcNNDcwMzE2MTA0MDEwWjBCMQsw
> +Q29tcGFueSBMdGQwHhcNMTgxMjA0MTIxNjAzWhcNNDgxMTI2MTIxNjAzWjBCMQsw
>  CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
> -dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZXCWk
> -OuMVr45sAE9a7RM1K2brRdwzjdEqy1OV0dhqymL9YG/iygGp4HqwkLvLqEewq1bD
> -sCcIbRlOidmBv9+uhy2zU9tBzaAptB7Vb6lAAa0PHlUQnQskVcPCwsK7RxwWw0/J
> -pfld8qDAY1t8qM6mSy9Kuyk0X4FOvcuVQKCmiQIDAQABo1AwTjAdBgNVHQ4EFgQU
> -eCFCqTxHPsa+7B0vcCZyxEgCnBwwHwYDVR0jBBgwFoAUeCFCqTxHPsa+7B0vcCZy
> -xEgCnBwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBr+TeJqQH+SlAp
> -GcA90SkGnqcEJSijjF9qcgmL0F5Z/yCBDaZa6F3wh/rXNZB2rKfQGW6Mem9KS8cm
> -lui4A1pomMZBWQMwUYP02UF1fHg76RCG7PMhBZR2GkqHqHWfZBfFigdIWKFrm5fq
> -92l4opvf97dSiOF9x1JLPUeoOOJL8A==
> +dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
> +8jyIHqDhnkoNNMnC9ACMTgN0nZSJh0F2QQw4vajumoyVQ2wQmAC2BsndvYPhZV3/
> +2pGTl6X4LANUPWqGxp++ZJrzBUFPLIYKe1T7DCPyvoJoI6BKHYb15OrokryylGkO
> +QKgWYbCl3p+2R9KaADYWQdHaMs1VzKuEtZ5dmX9Or3qbU88tDeLvbirVhCxmmt2x
> +F4NF4V1ZKVud5DanPGxtSnNydmTvkaBwPTWYig6EpBp+UlV+cH1P7vbORXnNlT4C
> +x54d1v8qJIxunbYq/je0lgdIDYU/gFZ6t8PoS5iuP0s7aFjOfBCjl41oO3R4gNob
> +VXZQA7kVreiLbc6O9orbKwIDAQABo1MwUTAdBgNVHQ4EFgQUcDtvufvglN3CQ55v
> +3J30/2S7WDMwHwYDVR0jBBgwFoAUcDtvufvglN3CQ55v3J30/2S7WDMwDwYDVR0T
> +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAsAFKXWd8gBmp1yybvUUDIPDr
> +t+sPp71KcXkmhTEn8LL2xcYRhvAGgzhYQb/pCCvNU9to7TLlcehSlrfrzV7KwJzk
> +UWlxCd/lmTU/eM0rlxzzO90xV37u0H7BKSqBKQBrvuMEk9H2T+oXg9rkP8dQBQKF
> +BmrU7udE1SO324b5H1Sh3JobvvZ5IUei8nE5yqnGO3Oo8dl/V9LLyFdR+dCaE1jt
> +JrGxLUBfQthPmdI9V+A6oD45v5VS1Lbdg6SAfCuhqlCAZeg89gywy3v9DpKSZ8So
> +szIgdn8akS4vmcLv9qvwcIrf6rg1k11OJLGbGj0ySx30gREGFbVSwHq789LsfA==
>  -----END CERTIFICATE-----
> diff --git a/server/tests/pki/server-cert.pem b/server/tests/pki/server-cert.pem
> index 4bb20241..5ace4081 100644
> --- a/server/tests/pki/server-cert.pem
> +++ b/server/tests/pki/server-cert.pem
> @@ -1,13 +1,18 @@
>  -----BEGIN CERTIFICATE-----
> -MIIB8zCCAVwCAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV
> +MIIC+DCCAeACAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV
>  BAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDAe
> -Fw0xNzAzMjMxMDQwNDVaFw00NzAzMTYxMDQwNDVaMEIxCzAJBgNVBAYTAlhYMRUw
> +Fw0xODEyMDQxMjE2MDlaFw00ODExMjYxMjE2MDlaMEIxCzAJBgNVBAYTAlhYMRUw
>  EwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBM
> -dGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMXDPMZLse8CuEwJKMkvEdmB
> -wK+33T0jOMkUJPt8LseLCjXmYOir2gWrsnP5fgxpwx/Xxb61ivwhAtC2mFcy3xXp
> -RNkDHk3F2XpGwD0Msj9tR9DYidyRz/rN1BRth5ZLm0TvjmwWcBb7qWICIVTLsp6z
> -XuM/erA3E00s7VANBlaPAgMBAAEwDQYJKoZIhvcNAQELBQADgYEA2Om01Qav2OQc
> -ZjIPUmlqSzY96xyT8gzCIOyQikCuJ3Qdem4Qv1c9RxDFxNSrnNINx7Rrtkqp7dM7
> -st+gUqdKc2jvb301TbS+SlDaK1Nre5vB8bPg1cJxUwWX1fDy2igIok0KmM1P7S8M
> -isa/qmobRb4rzvn3blThesqFez9xRhk=
> +dGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGeaFsglHGN+XLMscC
> +XEgYk10zsVZ2PvMO/cVRd5ykaHUFUknOnoImxnxWhfTKmlkM7W4fZCXulc0oOxpy
> +ycTxsLzePAvlq/lMSTHK44mQWAB5vwZq6fEBMN6op2m09VqJjSc6CNoH+b5lDm+B
> +fx4SvC+ZBSdoRXoonqnNsqcTzp7NkSqD9kJHYFF4I60CdTwXqhNBUqSJ+F1QJoJS
> +K2DAnJUMDwHQfoWHWuuX/SM1adh6NrxXNNQ99TrAwtm3faUF6D3narNfjUVzSMlk
> +FWBOxnZojny8gt4xONp/1VXYRnA17wst2SbxPYaux/NAQVFrb9btIs+31JZe/9iC
> +LrD9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGZKPFTKyplFuyn//kM7ZncZKbST
> +zjSoCljAkrOL6bPpgZ4Q2U1HVH5OFtYyH5p6woMY4GKqhq+hy+O6lfGmbiGg+cB0
> +doVH+/Tn6cWuctIu9Afb3JQWnagZMJLiUBBNYkRtFpxHDatRzsuJnzr66d0zne3v
> +reCvRYi/H36H0zY6xtvR6DORSy0EJ1C/PiRXUW+Uag2l0IcHsj6UlJ9gqYk+4bNL
> +u7rJcP11aGcdDcBwv/c08iYIcu3co0hxKMUpgPiz8wAipJSjDsJPYmeJcZyllBPk
> +XvCKpRHS8EhaYQ4lZbChJPR8RDlf9J1z4wY8HMcVKHTQfp9q9XrsbOJ4x/o=
>  -----END CERTIFICATE-----
> diff --git a/server/tests/pki/server-key.pem b/server/tests/pki/server-key.pem
> index 0851142b..f6a3aa79 100644
> --- a/server/tests/pki/server-key.pem
> +++ b/server/tests/pki/server-key.pem
> @@ -1,15 +1,27 @@
>  -----BEGIN RSA PRIVATE KEY-----
> -MIICXAIBAAKBgQDFwzzGS7HvArhMCSjJLxHZgcCvt909IzjJFCT7fC7Hiwo15mDo
> -q9oFq7Jz+X4MacMf18W+tYr8IQLQtphXMt8V6UTZAx5Nxdl6RsA9DLI/bUfQ2Inc
> -kc/6zdQUbYeWS5tE745sFnAW+6liAiFUy7Kes17jP3qwNxNNLO1QDQZWjwIDAQAB
> -AoGACwzjwnjMUnyma6k/XC6DItI7QBZYCGiFbcbwYhUIUCIWyfg7hgTEQ/jaGdzh
> -DDSEsKzP4d4nC/uUOrFZRdYT3P5pXXFOFHkCiiG6IZeoQ0nO1CNBh/t08Wcy9ASt
> -o9wIvAQHvvdp5vKBmkOydFWvnMix5ZOrWiAHVQo1vaUiYYECQQDoPsky1zpc9Ehf
> -8FY5Ayro62sxa0hwCNxdrFPu8d6M/J0iz+n47YhyKISE9498dWXepSe06rd2oMQ8
> -DubEF6xhAkEA2f2LFT1N6m6xQPlVkxmNc5M1RWmShmEiV818kgr7/ywk4VBD0RxT
> -yVwuEier2n92DFLzN7o1wQtqxeQnXwVo7wJAXNMLc6iWiSSR8NaMf8kGU4YUl/H7
> -R9wix8Xi3jQJ8WveGlXjfDzkNkx/eu2/ic0aZDy6fBL8NQvYovCJx4J2wQJAJlCR
> -JJ+M1Vq1XwU0DFHeceT65QNkVKg4ABTHA2hY2IXqyYtxEA0ZkPfZxSkh5Jqopgvi
> -YfYhwpd+IeAzJ1ltEwJBAMmPD9K/RzZKm05AZ20hVgo+BkLRQ5XlWtIuyiB8gFy1
> -OfpkFifKxclsVxT2WTizfZD0vlmlACrdiE4z4Zf/+/0=
> +MIIEpAIBAAKCAQEAxnmhbIJRxjflyzLHAlxIGJNdM7FWdj7zDv3FUXecpGh1BVJJ
> +zp6CJsZ8VoX0yppZDO1uH2Ql7pXNKDsacsnE8bC83jwL5av5TEkxyuOJkFgAeb8G
> +aunxATDeqKdptPVaiY0nOgjaB/m+ZQ5vgX8eErwvmQUnaEV6KJ6pzbKnE86ezZEq
> +g/ZCR2BReCOtAnU8F6oTQVKkifhdUCaCUitgwJyVDA8B0H6Fh1rrl/0jNWnYeja8
> +VzTUPfU6wMLZt32lBeg952qzX41Fc0jJZBVgTsZ2aI58vILeMTjaf9VV2EZwNe8L
> +Ldkm8T2GrsfzQEFRa2/W7SLPt9SWXv/Ygi6w/QIDAQABAoIBAEBJrYvkOnCmMny7
> +GdMd6Qxsz0erLYJnqXs1n/BfehGW9DChEt8mYKoGqMet5Dir/iQ90+m/GrpJM4bQ
> +fiSoTm6q/MJPWNsv9TRMkSBSy4BBwQWuZnnDBRmJptWiRI8k2gqr+gTGUTk8H/vD
> +zUJ41ljjM9ew367aslLt8bp7H7s+JBLi60F9PnnMJ+fZJpdB2trRvzwp0gWN1kEy
> +VQUydSEV1yLT/rFkFcm8gRceTlh2yb3CPbZDMF/CExNahnxFaibKYtXd7J26jHKN
> +TbSPO7Rm6e3AcyLZMxyyC4PcU975Bg22HThZFEYDCYLyZuc4zCHxnWFmtEhEc/Vn
> +AHEaW9ECgYEA4nDLUHt7y6HUUr/TJo5fNJ5Jc/yK+2J/brUmVBiL49j+rvpqfq8A
> +1ozT6Ga6I+PjRhA+CvrjfCG7wUi71rjx1QGThCGUrko7VYG/Un3jus1dem/PR/nq
> +Tt27GTalmwCIjrHxUH6CTv4uOKdd7LlEXNqyqq2UbGShOai0xsOPr2cCgYEA4GJI
> +vohNsuhfjA7K+PdJ3BmRtC5WIUZYthT86//vumn4AURmUJvWc5+q0cC6tPM01HIH
> +BqO/ZFPD7p9GIh9ZbDWsEL5A4r3sLT2vFk3MV9iwiqb0WpZbg9KVuhNOaZ47JKFR
> +YxpaHcLUdcDXvrqz+o/l2ITG5x/FFkMQlRiNMfsCgYEA2R15dEPSIR+bq3QOCyv7
> +kUIr/7Anun1o3keG5p9aki8fk7q7nZhC33TMQkstMvhwlF9Cfditgfn+Qodww6M1
> +DR2jyc9A9hRq68OqJHhcgGIkvR6zyrmPterYWIaTJxnN1bQ8Qwfp/b+tpdikMDQ7
> +niR7pzcj1wJtrBFctDASdwUCgYEAxCUGZA/wo+k/xMYVpic9WHq9hJ1Qy0ucNqcI
> +JSEYpYMGuczaB7MCdxZnE25/h7hmQSPggmxX3VLgHtL6Us/GsrIEVKqLO+o775xR
> +VpTxgQU55iplxl5TZ1uJaRyBWhBosO+XnqMljYiHgtvtfJvmwqxRhsEiwl1iQsCj
> +WUIaA0sCgYAuRXM1HmWzAfCpANJVWyjswr9Zg4KjCC2QSM2XOGaTISyNPyKyQ3Yf
> ++xz41ggx6uss1oyyYTXkZ+mGsJJ3fFZWG3k/w0tZwMhS9RzFd1qJTrMqXy+MeCG1
> +nb2nTEYNih5Yq5A+ZzYWhSZ7qAZP0oFdtb6TaR8ke3SYFpJqZzvD7g==
>  -----END RSA PRIVATE KEY-----
> -- 
> 2.17.2
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.freedesktop.org/mailman/listinfo/spice-devel

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel

[Index of Archives]     [Linux Virtualization]     [Linux Virtualization]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]