diff options
author | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-08-28 20:03:32 +0000 |
---|---|---|
committer | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-08-28 20:03:32 +0000 |
commit | 9871dd5783963ad3d341ddb58f6bfe7ca7ceb444 (patch) | |
tree | f08e526f6291178d38b8e7efa5120854f57ab032 /test/openssl/utils.rb | |
parent | 9b9e6875e8a151a925fb92370c07f13c045c0a87 (diff) | |
download | ruby-9871dd5783963ad3d341ddb58f6bfe7ca7ceb444.tar.gz |
* test/openssl/utils.rb
test/openssl/test_pair.rb
test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy
OpenSSL FIPS requirements. Patch by Vit Ondruch.
[Bug #6938] [ruby-core:47326]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36843 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/openssl/utils.rb')
-rw-r--r-- | test/openssl/utils.rb | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb index 13989ad272..aa42ef0d34 100644 --- a/test/openssl/utils.rb +++ b/test/openssl/utils.rb @@ -92,13 +92,16 @@ CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg== end - TEST_KEY_DH512 = OpenSSL::PKey::DH.new <<-_end_of_pem_ + TEST_KEY_DH512_PUB = OpenSSL::PKey::DH.new <<-_end_of_pem_ -----BEGIN DH PARAMETERS----- MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC -----END DH PARAMETERS----- _end_of_pem_ + + TEST_KEY_DH1024 = OpenSSL::PKey::DH.new(1024) + module_function def issue_cert(dn, key, serial, not_before, not_after, extensions, @@ -238,7 +241,6 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK, Errno::ECONNRESET end - DHParam = OpenSSL::PKey::DH.new(128) def start_server(port0, verify_mode, start_immediately, args = {}, &block) ctx_proc = args[:ctx_proc] server_proc = args[:server_proc] @@ -252,7 +254,7 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC #ctx.extra_chain_cert = [ ca_cert ] ctx.cert = @svr_cert ctx.key = @svr_key - ctx.tmp_dh_callback = proc { DHParam } + ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 } ctx.verify_mode = verify_mode ctx_proc.call(ctx) if ctx_proc |