author | Yusuke Endoh <mame@ruby-lang.org> | 2019-05-27 23:44:15 +0900 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2019-05-28 10:07:29 +0900 |
commit | ae2a904ce9bffedee7d110dc60fd51c0a2879a5b (patch) | |
tree | c5700aae3271c01b5f52838cf48ebf713a4d2c2c /util | |
parent | cf904d9f9fb18fd2982651946125db62066c3ff5 (diff) | |
download | ruby-ae2a904ce9bffedee7d110dc60fd51c0a2879a5b.tar.gz |
Update the certificate files to make the test pass on Debian 10
The old certificate files (for example, test/rubygems/ca_cert.pem) were
signed by SHA1. This message digest is considered too weak and rejected
by OpenSSL 1.1.1 or later. Because of this, the test suite does not
pass on Debian 10.
https://rubyci.org/logs/rubyci.s3.amazonaws.com/debian/ruby-master/log/20190527T123003Z.fail.html.gz#test%2Frubygems
This change regenerates the files.
A shell script for the regeneration (util/create_certs.sh) is also
added.
Diffstat (limited to 'util')
-rw-r--r-- | util/create_certs.sh | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/util/create_certs.sh b/util/create_certs.sh new file mode 100644 index 0000000000..e339a3ba9c --- /dev/null +++ b/util/create_certs.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +# cp /etc/ssl/openssl.cnf . # copied from OpenSSL 1.1.1b source + +rm -rf demoCA/ server/ client/ + +mkdir demoCA demoCA/private demoCA/newcerts +touch demoCA/index.txt +echo 00 > demoCA/serial +openssl genrsa -out demoCA/private/cakey.pem 2048 +openssl req -new -key demoCA/private/cakey.pem -out demoCA/careq.pem -subj "/C=JP/ST=Tokyo/O=RubyGemsTest/CN=CA" +openssl ca -batch -config openssl.cnf -extensions v3_ca -out demoCA/cacert.pem -startdate 090101000000Z -enddate 491231235959Z -batch -keyfile demoCA/private/cakey.pem -selfsign -infiles demoCA/careq.pem + +mkdir server +openssl genrsa -out server/server.key 2048 +openssl req -new -key server/server.key -out server/csr.pem -subj "/C=JP/ST=Tokyo/O=RubyGemsTest/CN=localhost" +openssl ca -batch -config openssl.cnf -startdate 090101000000Z -enddate 491231235959Z -in server/csr.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out server/cert.pem + +mkdir client +openssl genrsa -out client/client.key 2048 +openssl req -config openssl.cnf -new -key client/client.key -out client/csr.pem -subj "/C=JP/ST=Tokyo/O=RubyGemsTest/CN=client" +openssl ca -batch -config openssl.cnf -startdate 090101000000Z -enddate 491231235959Z -in client/csr.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out client/cert.pem + +cp demoCA/cacert.pem $(git rev-parse --show-toplevel)/test/rubygems/ca_cert.pem +cp server/cert.pem $(git rev-parse --show-toplevel)/test/rubygems/ssl_cert.pem +cp server/server.key $(git rev-parse --show-toplevel)/test/rubygems/ssl_key.pem +cat client/cert.pem client/client.key > $(git rev-parse --show-toplevel)/test/rubygems/client.pem |
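Review bot: none of the three `openssl ca` calls passes `-md`, so the signature digest of the regenerated certificates is taken from `default_md` in whatever openssl.cnf sits in the working directory, and the only hint about that file is the commented-out `cp /etc/ssl/openssl.cnf .` line. Since the point of the regeneration is to get away from SHA1, pinning the digest in the script (for example `-md sha256` on each `openssl ca` line) would make the output independent of the local config. The script also has no `set -e`, so a failed openssl step does not stop the final `cp`/`cat` lines, and the `cat ... >` redirect would still truncate test/rubygems/client.pem; adding `set -e` after the shebang and quoting `"$(git rev-parse --show-toplevel)"` would cover that. The self-sign line also passes `-batch` twice.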