serf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bert Huijben <b...@qqmail.nl>
Subject Re: svn commit: r1845542 - /serf/trunk/test/certs/create_certs.py
Date Thu, 15 Nov 2018 12:46:50 GMT
Webbrowsers are moving away from supporting MD5 in certificates. Should we
also move to more secure hashes in our tests?

On Fri, Nov 2, 2018 at 8:11 AM, <brane@apache.org> wrote:

> Author: brane
> Date: Fri Nov  2 07:11:48 2018
> New Revision: 1845542
>
> URL: http://svn.apache.org/viewvc?rev=1845542&view=rev
> Log:
> * test/certs/create_certs.py (create_crl): Support versions of PyOpenSSL
> that
>    require that the digest parameter is set explicitly in crl.export().
>
> Suggested by: jamessan
>
> Modified:
>     serf/trunk/test/certs/create_certs.py
>
> Modified: serf/trunk/test/certs/create_certs.py
> URL: http://svn.apache.org/viewvc/serf/trunk/test/certs/create_
> certs.py?rev=1845542&r1=1845541&r2=1845542&view=diff
> ============================================================
> ==================
> --- serf/trunk/test/certs/create_certs.py (original)
> +++ serf/trunk/test/certs/create_certs.py Fri Nov  2 07:11:48 2018
> @@ -78,7 +78,13 @@ def create_crl(revokedcert, cakey, cacer
>      revoked.set_rev_date(now_str)   # revoked as of now
>
>      crl.add_revoked(revoked)
> -    open(crlfile, "wt").write(crl.export(cacert, cakey,
> days=next_crl_days))
> +    try:
> +        exported = crl.export(cacert, cakey, days=next_crl_days,
> digest=b"md5")
> +    except TypeError:
> +        # Some very old versions of pyopenssl (such as the one on macOS)
> +        # do not support the 'digest' keyword argument.
> +        exported = crl.export(cacert, cakey, days=next_crl_days)
> +    open(crlfile, "wt").write(exported)
>
>  # subjectAltName
>  def create_cert(subjectkey, certfile, issuer=None, issuerkey=None,
> country='',
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message