From 152de04f7c41b0cc3da270f7aac690da44362db6 Mon Sep 17 00:00:00 2001 From: Gerhard Rieger Date: Thu, 29 Oct 2020 13:50:51 +0100 Subject: [PATCH] test.sh: Ubuntu 20.04 requires 2048 bit certificates --- CHANGES | 2 ++ test.sh | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 1b383ab..7ad4b53 100644 --- a/CHANGES +++ b/CHANGES @@ -15,6 +15,8 @@ Testing: Fix: use TLSv1.2 for renegotiation tests Tests: OPENSSLRENEG1 OPENSSLRENEG2 + Ubuntu 20.04 requires 2048 bit certificates with OpenSSL + ####################### V 1.7.3.4: Corrections: diff --git a/test.sh b/test.sh index de275bd..e83a68d 100755 --- a/test.sh +++ b/test.sh @@ -108,7 +108,8 @@ TESTCERT_ORGANIZATIONALUNITNAME="socat" TESTCERT_ORGANIZATIONNAME="dest-unreach" TESTCERT_SUBJECT="C = $TESTCERT_COUNTRYNAME, CN = $TESTCERT_COMMONNAME, O = $TESTCERT_ORGANIZATIONNAME, OU = $TESTCERT_ORGANIZATIONALUNITNAME, L = $TESTCERT_LOCALITYNAME" TESTCERT_ISSUER="C = $TESTCERT_COUNTRYNAME, CN = $TESTCERT_COMMONNAME, O = $TESTCERT_ORGANIZATIONNAME, OU = $TESTCERT_ORGANIZATIONALUNITNAME, L = $TESTCERT_LOCALITYNAME" -RSABITS=1024 +RSABITS=2048 # Ubuntu-20.04 with OpenSSL-1.1.1f does not work with 1024 nor 1536 +DSABITS=2048 cat >$TESTCERT_CONF </dev/null 2>&1 - openssl dhparam -dsaparam -out $name-dh.pem 1024 >/dev/null 2>&1 + openssl dsaparam -out $name-dsa.pem $DSABITS >/dev/null 2>&1 + openssl dhparam -dsaparam -out $name-dh.pem $DSABITS >/dev/null 2>&1 openssl req -newkey dsa:$name-dsa.pem -keyout $name.key -nodes -x509 -config $TESTCERT_CONF -out $name.crt -days 3653 >/dev/null 2>&1 cat $name-dsa.pem $name-dh.pem $name.key $name.crt >$name.pem }