serf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko ─îibej <br...@apache.org>
Subject Re: svn commit: r1845542 - /serf/trunk/test/certs/create_certs.py
Date Thu, 15 Nov 2018 13:33:40 GMT
On 15.11.2018 13:46, Bert Huijben wrote:
> Webbrowsers are moving away from supporting MD5 in certificates. Should we
> also move to more secure hashes in our tests?

I don't think it matters for the tests; we'd effectively be testing
OpenSSL, not Serf, right? Also, the system OpenSSL (and hence default
pyopenssl) on macOS is still 0.9.x and that doesn't support anything
newer than SHA1, IIRC. That's just a complication for developers, of
course, not for users.

-- Brane


> On Fri, Nov 2, 2018 at 8:11 AM, <brane@apache.org> wrote:
>
>> Author: brane
>> Date: Fri Nov  2 07:11:48 2018
>> New Revision: 1845542
>>
>> URL: http://svn.apache.org/viewvc?rev=1845542&view=rev
>> Log:
>> * test/certs/create_certs.py (create_crl): Support versions of PyOpenSSL
>> that
>>    require that the digest parameter is set explicitly in crl.export().
>>
>> Suggested by: jamessan
>>
>> Modified:
>>     serf/trunk/test/certs/create_certs.py
>>
>> Modified: serf/trunk/test/certs/create_certs.py
>> URL: http://svn.apache.org/viewvc/serf/trunk/test/certs/create_
>> certs.py?rev=1845542&r1=1845541&r2=1845542&view=diff
>> ============================================================
>> ==================
>> --- serf/trunk/test/certs/create_certs.py (original)
>> +++ serf/trunk/test/certs/create_certs.py Fri Nov  2 07:11:48 2018
>> @@ -78,7 +78,13 @@ def create_crl(revokedcert, cakey, cacer
>>      revoked.set_rev_date(now_str)   # revoked as of now
>>
>>      crl.add_revoked(revoked)
>> -    open(crlfile, "wt").write(crl.export(cacert, cakey,
>> days=next_crl_days))
>> +    try:
>> +        exported = crl.export(cacert, cakey, days=next_crl_days,
>> digest=b"md5")
>> +    except TypeError:
>> +        # Some very old versions of pyopenssl (such as the one on macOS)
>> +        # do not support the 'digest' keyword argument.
>> +        exported = crl.export(cacert, cakey, days=next_crl_days)
>> +    open(crlfile, "wt").write(exported)
>>
>>  # subjectAltName
>>  def create_cert(subjectkey, certfile, issuer=None, issuerkey=None,
>> country='',
>>
>>
>>


Mime
View raw message