Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing make rule for test/fixtures/keys/0-dns-* #10228

Closed
kapouer opened this issue Dec 11, 2016 · 3 comments
Closed

Missing make rule for test/fixtures/keys/0-dns-* #10228

kapouer opened this issue Dec 11, 2016 · 3 comments
Labels
crypto Issues and PRs related to the crypto subsystem. openssl Issues and PRs related to the OpenSSL dependency. test Issues and PRs related to the tests.

Comments

@kapouer
Copy link
Contributor

kapouer commented Dec 11, 2016
edited
Loading

Part of ssl 1.1.0 transition will require to rebuild old certificates fixtures
to use stronger encryption, and i don't find how to rebuild those files.
@addaleax addaleax added crypto Issues and PRs related to the crypto subsystem. openssl Issues and PRs related to the OpenSSL dependency. test Issues and PRs related to the tests. labels Dec 11, 2016
@addaleax
Copy link
Member

@indutny

@sam-github
Copy link
Contributor

I skimmed #8491, and don't understand why a new ossl should require cert rebuild. Please explain.

However, it would be good if the Makefile built all the certs, and it doesn't. It would be even nicer if it only build the ones that were missing... so that it was easy to add new cert variants without regenerating the root keys and rebuilding their certs.

Unfortunately, ossl doesn't seem capable of building certs completely from CLI args, it needs custom config files. I've been poking at this a bit, but haven't had the time to get anywhere (I want more certs issued by sub-CAs, among other things).

@kapouer
Copy link
Contributor Author

kapouer commented Dec 12, 2016

The reason is simple, openssl throw errors about using too short keys, so new, longer keys, must be regenerated.

@shigeki shigeki mentioned this issue Feb 27, 2017
Closed
3 tasks
italoacasas pushed a commit to italoacasas/node that referenced this issue Mar 13, 2017
@shigeki @italoacasas
test: add script to create 0-dns-cert.pem
c01c7a4 
0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Fixes: nodejs#10228
PR-URL: nodejs#11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
jungx098 pushed a commit to jungx098/node that referenced this issue Mar 21, 2017
@shigeki @jungx098
test: add script to create 0-dns-cert.pem
f76a167 
0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Fixes: nodejs#10228
PR-URL: nodejs#11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
MylesBorins pushed a commit that referenced this issue Apr 17, 2017
@shigeki @MylesBorins
test: add script to create 0-dns-cert.pem
60da9ae 
0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Fixes: #10228
PR-URL: #11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
MylesBorins pushed a commit that referenced this issue Apr 19, 2017
@shigeki @MylesBorins
test: add script to create 0-dns-cert.pem
aa98150 
0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Fixes: #10228
PR-URL: #11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
andrew749 pushed a commit to michielbaird/node that referenced this issue Jul 19, 2017
@shigeki @andrew749
test: add script to create 0-dns-cert.pem
039c984 
0-dns-cert.pem  and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.

Added a script to create it with using  `asn1.js` and
`asn1.js-rfc5280` and moved them out of key directory and put into
`test/fixtures/0-dns`.

The domains listed in the cert were also changed into example.com and
example.org to show the use for only testing.

Fixes: nodejs/node#10228
PR-URL: nodejs/node#11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto Issues and PRs related to the crypto subsystem. openssl Issues and PRs related to the OpenSSL dependency. test Issues and PRs related to the tests.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sam-github @kapouer @addaleax