On Tue, Dec 04, 2018 at 01:19:31PM +0000, Frediano Ziglio wrote: > This changes tests/pki/server-cert.pem and tests/pki/ca-cert.pem to have > 2048 bits. These certificates were generated using the > instructions on https://www.spice-space.org/spice-user-manual.html > The -subj args were omitted, and the defaults suggested by openssl used. > The -days parameter was changed to -days 10950, the bits to 2048. > > This fixes https://gitlab.freedesktop.org/spice/spice/issues/27. I would add in the commit log that some distros are starting to use stricter settings for their openssl configuration, which forbids 2048 bit keys, and causes test suite failures. Apart from this, Acked-by: Christophe Fergeau <cfergeau@xxxxxxxxxx> Christophe > > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> > --- > server/tests/pki/ca-cert.pem | 27 ++++++++++++++--------- > server/tests/pki/server-cert.pem | 23 +++++++++++-------- > server/tests/pki/server-key.pem | 38 +++++++++++++++++++++----------- > 3 files changed, 55 insertions(+), 33 deletions(-) > > diff --git a/server/tests/pki/ca-cert.pem b/server/tests/pki/ca-cert.pem > index caa9312e..2e40da24 100644 > --- a/server/tests/pki/ca-cert.pem > +++ b/server/tests/pki/ca-cert.pem > @@ -1,15 +1,20 @@ > -----BEGIN CERTIFICATE----- > -MIICUjCCAbugAwIBAgIJAKM/WOQQB3iqMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV > +MIIDWjCCAkKgAwIBAgIJAILhGzNuNWQHMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV > BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg > -Q29tcGFueSBMdGQwHhcNMTcwMzIzMTA0MDEwWhcNNDcwMzE2MTA0MDEwWjBCMQsw > +Q29tcGFueSBMdGQwHhcNMTgxMjA0MTIxNjAzWhcNNDgxMTI2MTIxNjAzWjBCMQsw > CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh > -dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZXCWk > -OuMVr45sAE9a7RM1K2brRdwzjdEqy1OV0dhqymL9YG/iygGp4HqwkLvLqEewq1bD > -sCcIbRlOidmBv9+uhy2zU9tBzaAptB7Vb6lAAa0PHlUQnQskVcPCwsK7RxwWw0/J > -pfld8qDAY1t8qM6mSy9Kuyk0X4FOvcuVQKCmiQIDAQABo1AwTjAdBgNVHQ4EFgQU > -eCFCqTxHPsa+7B0vcCZyxEgCnBwwHwYDVR0jBBgwFoAUeCFCqTxHPsa+7B0vcCZy > -xEgCnBwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBr+TeJqQH+SlAp > -GcA90SkGnqcEJSijjF9qcgmL0F5Z/yCBDaZa6F3wh/rXNZB2rKfQGW6Mem9KS8cm > -lui4A1pomMZBWQMwUYP02UF1fHg76RCG7PMhBZR2GkqHqHWfZBfFigdIWKFrm5fq > -92l4opvf97dSiOF9x1JLPUeoOOJL8A== > +dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA > +8jyIHqDhnkoNNMnC9ACMTgN0nZSJh0F2QQw4vajumoyVQ2wQmAC2BsndvYPhZV3/ > +2pGTl6X4LANUPWqGxp++ZJrzBUFPLIYKe1T7DCPyvoJoI6BKHYb15OrokryylGkO > +QKgWYbCl3p+2R9KaADYWQdHaMs1VzKuEtZ5dmX9Or3qbU88tDeLvbirVhCxmmt2x > +F4NF4V1ZKVud5DanPGxtSnNydmTvkaBwPTWYig6EpBp+UlV+cH1P7vbORXnNlT4C > +x54d1v8qJIxunbYq/je0lgdIDYU/gFZ6t8PoS5iuP0s7aFjOfBCjl41oO3R4gNob > +VXZQA7kVreiLbc6O9orbKwIDAQABo1MwUTAdBgNVHQ4EFgQUcDtvufvglN3CQ55v > +3J30/2S7WDMwHwYDVR0jBBgwFoAUcDtvufvglN3CQ55v3J30/2S7WDMwDwYDVR0T > +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAsAFKXWd8gBmp1yybvUUDIPDr > +t+sPp71KcXkmhTEn8LL2xcYRhvAGgzhYQb/pCCvNU9to7TLlcehSlrfrzV7KwJzk > +UWlxCd/lmTU/eM0rlxzzO90xV37u0H7BKSqBKQBrvuMEk9H2T+oXg9rkP8dQBQKF > +BmrU7udE1SO324b5H1Sh3JobvvZ5IUei8nE5yqnGO3Oo8dl/V9LLyFdR+dCaE1jt > +JrGxLUBfQthPmdI9V+A6oD45v5VS1Lbdg6SAfCuhqlCAZeg89gywy3v9DpKSZ8So > +szIgdn8akS4vmcLv9qvwcIrf6rg1k11OJLGbGj0ySx30gREGFbVSwHq789LsfA== > -----END CERTIFICATE----- > diff --git a/server/tests/pki/server-cert.pem b/server/tests/pki/server-cert.pem > index 4bb20241..5ace4081 100644 > --- a/server/tests/pki/server-cert.pem > +++ b/server/tests/pki/server-cert.pem > @@ -1,13 +1,18 @@ > -----BEGIN CERTIFICATE----- > -MIIB8zCCAVwCAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV > +MIIC+DCCAeACAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV > BAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDAe > -Fw0xNzAzMjMxMDQwNDVaFw00NzAzMTYxMDQwNDVaMEIxCzAJBgNVBAYTAlhYMRUw > +Fw0xODEyMDQxMjE2MDlaFw00ODExMjYxMjE2MDlaMEIxCzAJBgNVBAYTAlhYMRUw > EwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBM > -dGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMXDPMZLse8CuEwJKMkvEdmB > -wK+33T0jOMkUJPt8LseLCjXmYOir2gWrsnP5fgxpwx/Xxb61ivwhAtC2mFcy3xXp > -RNkDHk3F2XpGwD0Msj9tR9DYidyRz/rN1BRth5ZLm0TvjmwWcBb7qWICIVTLsp6z > -XuM/erA3E00s7VANBlaPAgMBAAEwDQYJKoZIhvcNAQELBQADgYEA2Om01Qav2OQc > -ZjIPUmlqSzY96xyT8gzCIOyQikCuJ3Qdem4Qv1c9RxDFxNSrnNINx7Rrtkqp7dM7 > -st+gUqdKc2jvb301TbS+SlDaK1Nre5vB8bPg1cJxUwWX1fDy2igIok0KmM1P7S8M > -isa/qmobRb4rzvn3blThesqFez9xRhk= > +dGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGeaFsglHGN+XLMscC > +XEgYk10zsVZ2PvMO/cVRd5ykaHUFUknOnoImxnxWhfTKmlkM7W4fZCXulc0oOxpy > +ycTxsLzePAvlq/lMSTHK44mQWAB5vwZq6fEBMN6op2m09VqJjSc6CNoH+b5lDm+B > +fx4SvC+ZBSdoRXoonqnNsqcTzp7NkSqD9kJHYFF4I60CdTwXqhNBUqSJ+F1QJoJS > +K2DAnJUMDwHQfoWHWuuX/SM1adh6NrxXNNQ99TrAwtm3faUF6D3narNfjUVzSMlk > +FWBOxnZojny8gt4xONp/1VXYRnA17wst2SbxPYaux/NAQVFrb9btIs+31JZe/9iC > +LrD9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGZKPFTKyplFuyn//kM7ZncZKbST > +zjSoCljAkrOL6bPpgZ4Q2U1HVH5OFtYyH5p6woMY4GKqhq+hy+O6lfGmbiGg+cB0 > +doVH+/Tn6cWuctIu9Afb3JQWnagZMJLiUBBNYkRtFpxHDatRzsuJnzr66d0zne3v > +reCvRYi/H36H0zY6xtvR6DORSy0EJ1C/PiRXUW+Uag2l0IcHsj6UlJ9gqYk+4bNL > +u7rJcP11aGcdDcBwv/c08iYIcu3co0hxKMUpgPiz8wAipJSjDsJPYmeJcZyllBPk > +XvCKpRHS8EhaYQ4lZbChJPR8RDlf9J1z4wY8HMcVKHTQfp9q9XrsbOJ4x/o= > -----END CERTIFICATE----- > diff --git a/server/tests/pki/server-key.pem b/server/tests/pki/server-key.pem > index 0851142b..f6a3aa79 100644 > --- a/server/tests/pki/server-key.pem > +++ b/server/tests/pki/server-key.pem > @@ -1,15 +1,27 @@ > -----BEGIN RSA PRIVATE KEY----- > -MIICXAIBAAKBgQDFwzzGS7HvArhMCSjJLxHZgcCvt909IzjJFCT7fC7Hiwo15mDo > -q9oFq7Jz+X4MacMf18W+tYr8IQLQtphXMt8V6UTZAx5Nxdl6RsA9DLI/bUfQ2Inc > -kc/6zdQUbYeWS5tE745sFnAW+6liAiFUy7Kes17jP3qwNxNNLO1QDQZWjwIDAQAB > -AoGACwzjwnjMUnyma6k/XC6DItI7QBZYCGiFbcbwYhUIUCIWyfg7hgTEQ/jaGdzh > -DDSEsKzP4d4nC/uUOrFZRdYT3P5pXXFOFHkCiiG6IZeoQ0nO1CNBh/t08Wcy9ASt > -o9wIvAQHvvdp5vKBmkOydFWvnMix5ZOrWiAHVQo1vaUiYYECQQDoPsky1zpc9Ehf > -8FY5Ayro62sxa0hwCNxdrFPu8d6M/J0iz+n47YhyKISE9498dWXepSe06rd2oMQ8 > -DubEF6xhAkEA2f2LFT1N6m6xQPlVkxmNc5M1RWmShmEiV818kgr7/ywk4VBD0RxT > -yVwuEier2n92DFLzN7o1wQtqxeQnXwVo7wJAXNMLc6iWiSSR8NaMf8kGU4YUl/H7 > -R9wix8Xi3jQJ8WveGlXjfDzkNkx/eu2/ic0aZDy6fBL8NQvYovCJx4J2wQJAJlCR > -JJ+M1Vq1XwU0DFHeceT65QNkVKg4ABTHA2hY2IXqyYtxEA0ZkPfZxSkh5Jqopgvi > -YfYhwpd+IeAzJ1ltEwJBAMmPD9K/RzZKm05AZ20hVgo+BkLRQ5XlWtIuyiB8gFy1 > -OfpkFifKxclsVxT2WTizfZD0vlmlACrdiE4z4Zf/+/0= > +MIIEpAIBAAKCAQEAxnmhbIJRxjflyzLHAlxIGJNdM7FWdj7zDv3FUXecpGh1BVJJ > +zp6CJsZ8VoX0yppZDO1uH2Ql7pXNKDsacsnE8bC83jwL5av5TEkxyuOJkFgAeb8G > +aunxATDeqKdptPVaiY0nOgjaB/m+ZQ5vgX8eErwvmQUnaEV6KJ6pzbKnE86ezZEq > +g/ZCR2BReCOtAnU8F6oTQVKkifhdUCaCUitgwJyVDA8B0H6Fh1rrl/0jNWnYeja8 > +VzTUPfU6wMLZt32lBeg952qzX41Fc0jJZBVgTsZ2aI58vILeMTjaf9VV2EZwNe8L > +Ldkm8T2GrsfzQEFRa2/W7SLPt9SWXv/Ygi6w/QIDAQABAoIBAEBJrYvkOnCmMny7 > +GdMd6Qxsz0erLYJnqXs1n/BfehGW9DChEt8mYKoGqMet5Dir/iQ90+m/GrpJM4bQ > +fiSoTm6q/MJPWNsv9TRMkSBSy4BBwQWuZnnDBRmJptWiRI8k2gqr+gTGUTk8H/vD > +zUJ41ljjM9ew367aslLt8bp7H7s+JBLi60F9PnnMJ+fZJpdB2trRvzwp0gWN1kEy > +VQUydSEV1yLT/rFkFcm8gRceTlh2yb3CPbZDMF/CExNahnxFaibKYtXd7J26jHKN > +TbSPO7Rm6e3AcyLZMxyyC4PcU975Bg22HThZFEYDCYLyZuc4zCHxnWFmtEhEc/Vn > +AHEaW9ECgYEA4nDLUHt7y6HUUr/TJo5fNJ5Jc/yK+2J/brUmVBiL49j+rvpqfq8A > +1ozT6Ga6I+PjRhA+CvrjfCG7wUi71rjx1QGThCGUrko7VYG/Un3jus1dem/PR/nq > +Tt27GTalmwCIjrHxUH6CTv4uOKdd7LlEXNqyqq2UbGShOai0xsOPr2cCgYEA4GJI > +vohNsuhfjA7K+PdJ3BmRtC5WIUZYthT86//vumn4AURmUJvWc5+q0cC6tPM01HIH > +BqO/ZFPD7p9GIh9ZbDWsEL5A4r3sLT2vFk3MV9iwiqb0WpZbg9KVuhNOaZ47JKFR > +YxpaHcLUdcDXvrqz+o/l2ITG5x/FFkMQlRiNMfsCgYEA2R15dEPSIR+bq3QOCyv7 > +kUIr/7Anun1o3keG5p9aki8fk7q7nZhC33TMQkstMvhwlF9Cfditgfn+Qodww6M1 > +DR2jyc9A9hRq68OqJHhcgGIkvR6zyrmPterYWIaTJxnN1bQ8Qwfp/b+tpdikMDQ7 > +niR7pzcj1wJtrBFctDASdwUCgYEAxCUGZA/wo+k/xMYVpic9WHq9hJ1Qy0ucNqcI > +JSEYpYMGuczaB7MCdxZnE25/h7hmQSPggmxX3VLgHtL6Us/GsrIEVKqLO+o775xR > +VpTxgQU55iplxl5TZ1uJaRyBWhBosO+XnqMljYiHgtvtfJvmwqxRhsEiwl1iQsCj > +WUIaA0sCgYAuRXM1HmWzAfCpANJVWyjswr9Zg4KjCC2QSM2XOGaTISyNPyKyQ3Yf > ++xz41ggx6uss1oyyYTXkZ+mGsJJ3fFZWG3k/w0tZwMhS9RzFd1qJTrMqXy+MeCG1 > +nb2nTEYNih5Yq5A+ZzYWhSZ7qAZP0oFdtb6TaR8ke3SYFpJqZzvD7g== > -----END RSA PRIVATE KEY----- > -- > 2.17.2 > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > https://lists.freedesktop.org/mailman/listinfo/spice-devel
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel