From: | dam [...] cpan.org |
Subject: | [PATCH] use 4096-bit test certificate (fixes tests with openssl 1.1.1) |
In Debian we are currently applying the following patch to
Net-Server-Mail.
We thought you might be interested in it too.
Description: use 4096-bit test certificate
Openssl 1.1.1 raises its default security level from 1 to 2, which means it
refuses to work with certificates with weak keys, which for RSA means at least
2048-bit keys.
.
The test certificate in t/certs uses a 1024-bit RSA key, which leads to the
following error:
.
t/starttls.t .. 1/? # Error: TLS handshake failed SSL connect attempt
failed error:1408F10B:SSL routines:ssl3_get_record:wrong version number at
t/starttls.t line 116.
.
Re-creating the test certificate and key with:
openssl req -x509 -newkey rsa:4096 -nodes \
-keyout t/certs/server-key.pem \
-out t/certs/server-cert.pem \
-days 5000 -text
makes the test pass with openssl 1.1.1
Author: Damyan Ivanov <dmn@debian.org>
The patch is tracked in our Git repository at
https://salsa.debian.org/perl-team/modules/packages/libnet-server-mail-perl/raw/master/debian/patches/4096-bit-test-certificate.patch
Thanks for considering,
Damyan Ivanov,
Debian Perl Group