[Spice-devel] [PATCH spice-server] tests/pki: Use CA/certificate valid until 2048 and with 2048 bits

Christophe Fergeau cfergeau at redhat.com
Thu Dec 6 15:35:56 UTC 2018


On Tue, Dec 04, 2018 at 01:19:31PM +0000, Frediano Ziglio wrote:
> This changes tests/pki/server-cert.pem and tests/pki/ca-cert.pem to have
> 2048 bits. These certificates were generated using the
> instructions on https://www.spice-space.org/spice-user-manual.html
> The -subj args were omitted, and the defaults suggested by openssl used.
> The -days parameter was changed to -days 10950, the bits to 2048.
> 
> This fixes https://gitlab.freedesktop.org/spice/spice/issues/27.

I would add in the commit log that some distros are starting to use
stricter settings for their openssl configuration, which forbids 2048 bit
keys, and causes test suite failures.

Apart from this,
Acked-by: Christophe Fergeau <cfergeau at redhat.com>

Christophe

> 
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
>  server/tests/pki/ca-cert.pem     | 27 ++++++++++++++---------
>  server/tests/pki/server-cert.pem | 23 +++++++++++--------
>  server/tests/pki/server-key.pem  | 38 +++++++++++++++++++++-----------
>  3 files changed, 55 insertions(+), 33 deletions(-)
> 
> diff --git a/server/tests/pki/ca-cert.pem b/server/tests/pki/ca-cert.pem
> index caa9312e..2e40da24 100644
> --- a/server/tests/pki/ca-cert.pem
> +++ b/server/tests/pki/ca-cert.pem
> @@ -1,15 +1,20 @@
>  -----BEGIN CERTIFICATE-----
> -MIICUjCCAbugAwIBAgIJAKM/WOQQB3iqMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
> +MIIDWjCCAkKgAwIBAgIJAILhGzNuNWQHMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
>  BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
> -Q29tcGFueSBMdGQwHhcNMTcwMzIzMTA0MDEwWhcNNDcwMzE2MTA0MDEwWjBCMQsw
> +Q29tcGFueSBMdGQwHhcNMTgxMjA0MTIxNjAzWhcNNDgxMTI2MTIxNjAzWjBCMQsw
>  CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
> -dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZXCWk
> -OuMVr45sAE9a7RM1K2brRdwzjdEqy1OV0dhqymL9YG/iygGp4HqwkLvLqEewq1bD
> -sCcIbRlOidmBv9+uhy2zU9tBzaAptB7Vb6lAAa0PHlUQnQskVcPCwsK7RxwWw0/J
> -pfld8qDAY1t8qM6mSy9Kuyk0X4FOvcuVQKCmiQIDAQABo1AwTjAdBgNVHQ4EFgQU
> -eCFCqTxHPsa+7B0vcCZyxEgCnBwwHwYDVR0jBBgwFoAUeCFCqTxHPsa+7B0vcCZy
> -xEgCnBwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBr+TeJqQH+SlAp
> -GcA90SkGnqcEJSijjF9qcgmL0F5Z/yCBDaZa6F3wh/rXNZB2rKfQGW6Mem9KS8cm
> -lui4A1pomMZBWQMwUYP02UF1fHg76RCG7PMhBZR2GkqHqHWfZBfFigdIWKFrm5fq
> -92l4opvf97dSiOF9x1JLPUeoOOJL8A==
> +dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
> +8jyIHqDhnkoNNMnC9ACMTgN0nZSJh0F2QQw4vajumoyVQ2wQmAC2BsndvYPhZV3/
> +2pGTl6X4LANUPWqGxp++ZJrzBUFPLIYKe1T7DCPyvoJoI6BKHYb15OrokryylGkO
> +QKgWYbCl3p+2R9KaADYWQdHaMs1VzKuEtZ5dmX9Or3qbU88tDeLvbirVhCxmmt2x
> +F4NF4V1ZKVud5DanPGxtSnNydmTvkaBwPTWYig6EpBp+UlV+cH1P7vbORXnNlT4C
> +x54d1v8qJIxunbYq/je0lgdIDYU/gFZ6t8PoS5iuP0s7aFjOfBCjl41oO3R4gNob
> +VXZQA7kVreiLbc6O9orbKwIDAQABo1MwUTAdBgNVHQ4EFgQUcDtvufvglN3CQ55v
> +3J30/2S7WDMwHwYDVR0jBBgwFoAUcDtvufvglN3CQ55v3J30/2S7WDMwDwYDVR0T
> +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAsAFKXWd8gBmp1yybvUUDIPDr
> +t+sPp71KcXkmhTEn8LL2xcYRhvAGgzhYQb/pCCvNU9to7TLlcehSlrfrzV7KwJzk
> +UWlxCd/lmTU/eM0rlxzzO90xV37u0H7BKSqBKQBrvuMEk9H2T+oXg9rkP8dQBQKF
> +BmrU7udE1SO324b5H1Sh3JobvvZ5IUei8nE5yqnGO3Oo8dl/V9LLyFdR+dCaE1jt
> +JrGxLUBfQthPmdI9V+A6oD45v5VS1Lbdg6SAfCuhqlCAZeg89gywy3v9DpKSZ8So
> +szIgdn8akS4vmcLv9qvwcIrf6rg1k11OJLGbGj0ySx30gREGFbVSwHq789LsfA==
>  -----END CERTIFICATE-----
> diff --git a/server/tests/pki/server-cert.pem b/server/tests/pki/server-cert.pem
> index 4bb20241..5ace4081 100644
> --- a/server/tests/pki/server-cert.pem
> +++ b/server/tests/pki/server-cert.pem
> @@ -1,13 +1,18 @@
>  -----BEGIN CERTIFICATE-----
> -MIIB8zCCAVwCAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV
> +MIIC+DCCAeACAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV
>  BAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDAe
> -Fw0xNzAzMjMxMDQwNDVaFw00NzAzMTYxMDQwNDVaMEIxCzAJBgNVBAYTAlhYMRUw
> +Fw0xODEyMDQxMjE2MDlaFw00ODExMjYxMjE2MDlaMEIxCzAJBgNVBAYTAlhYMRUw
>  EwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBM
> -dGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMXDPMZLse8CuEwJKMkvEdmB
> -wK+33T0jOMkUJPt8LseLCjXmYOir2gWrsnP5fgxpwx/Xxb61ivwhAtC2mFcy3xXp
> -RNkDHk3F2XpGwD0Msj9tR9DYidyRz/rN1BRth5ZLm0TvjmwWcBb7qWICIVTLsp6z
> -XuM/erA3E00s7VANBlaPAgMBAAEwDQYJKoZIhvcNAQELBQADgYEA2Om01Qav2OQc
> -ZjIPUmlqSzY96xyT8gzCIOyQikCuJ3Qdem4Qv1c9RxDFxNSrnNINx7Rrtkqp7dM7
> -st+gUqdKc2jvb301TbS+SlDaK1Nre5vB8bPg1cJxUwWX1fDy2igIok0KmM1P7S8M
> -isa/qmobRb4rzvn3blThesqFez9xRhk=
> +dGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGeaFsglHGN+XLMscC
> +XEgYk10zsVZ2PvMO/cVRd5ykaHUFUknOnoImxnxWhfTKmlkM7W4fZCXulc0oOxpy
> +ycTxsLzePAvlq/lMSTHK44mQWAB5vwZq6fEBMN6op2m09VqJjSc6CNoH+b5lDm+B
> +fx4SvC+ZBSdoRXoonqnNsqcTzp7NkSqD9kJHYFF4I60CdTwXqhNBUqSJ+F1QJoJS
> +K2DAnJUMDwHQfoWHWuuX/SM1adh6NrxXNNQ99TrAwtm3faUF6D3narNfjUVzSMlk
> +FWBOxnZojny8gt4xONp/1VXYRnA17wst2SbxPYaux/NAQVFrb9btIs+31JZe/9iC
> +LrD9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGZKPFTKyplFuyn//kM7ZncZKbST
> +zjSoCljAkrOL6bPpgZ4Q2U1HVH5OFtYyH5p6woMY4GKqhq+hy+O6lfGmbiGg+cB0
> +doVH+/Tn6cWuctIu9Afb3JQWnagZMJLiUBBNYkRtFpxHDatRzsuJnzr66d0zne3v
> +reCvRYi/H36H0zY6xtvR6DORSy0EJ1C/PiRXUW+Uag2l0IcHsj6UlJ9gqYk+4bNL
> +u7rJcP11aGcdDcBwv/c08iYIcu3co0hxKMUpgPiz8wAipJSjDsJPYmeJcZyllBPk
> +XvCKpRHS8EhaYQ4lZbChJPR8RDlf9J1z4wY8HMcVKHTQfp9q9XrsbOJ4x/o=
>  -----END CERTIFICATE-----
> diff --git a/server/tests/pki/server-key.pem b/server/tests/pki/server-key.pem
> index 0851142b..f6a3aa79 100644
> --- a/server/tests/pki/server-key.pem
> +++ b/server/tests/pki/server-key.pem
> @@ -1,15 +1,27 @@
>  -----BEGIN RSA PRIVATE KEY-----
> -MIICXAIBAAKBgQDFwzzGS7HvArhMCSjJLxHZgcCvt909IzjJFCT7fC7Hiwo15mDo
> -q9oFq7Jz+X4MacMf18W+tYr8IQLQtphXMt8V6UTZAx5Nxdl6RsA9DLI/bUfQ2Inc
> -kc/6zdQUbYeWS5tE745sFnAW+6liAiFUy7Kes17jP3qwNxNNLO1QDQZWjwIDAQAB
> -AoGACwzjwnjMUnyma6k/XC6DItI7QBZYCGiFbcbwYhUIUCIWyfg7hgTEQ/jaGdzh
> -DDSEsKzP4d4nC/uUOrFZRdYT3P5pXXFOFHkCiiG6IZeoQ0nO1CNBh/t08Wcy9ASt
> -o9wIvAQHvvdp5vKBmkOydFWvnMix5ZOrWiAHVQo1vaUiYYECQQDoPsky1zpc9Ehf
> -8FY5Ayro62sxa0hwCNxdrFPu8d6M/J0iz+n47YhyKISE9498dWXepSe06rd2oMQ8
> -DubEF6xhAkEA2f2LFT1N6m6xQPlVkxmNc5M1RWmShmEiV818kgr7/ywk4VBD0RxT
> -yVwuEier2n92DFLzN7o1wQtqxeQnXwVo7wJAXNMLc6iWiSSR8NaMf8kGU4YUl/H7
> -R9wix8Xi3jQJ8WveGlXjfDzkNkx/eu2/ic0aZDy6fBL8NQvYovCJx4J2wQJAJlCR
> -JJ+M1Vq1XwU0DFHeceT65QNkVKg4ABTHA2hY2IXqyYtxEA0ZkPfZxSkh5Jqopgvi
> -YfYhwpd+IeAzJ1ltEwJBAMmPD9K/RzZKm05AZ20hVgo+BkLRQ5XlWtIuyiB8gFy1
> -OfpkFifKxclsVxT2WTizfZD0vlmlACrdiE4z4Zf/+/0=
> +MIIEpAIBAAKCAQEAxnmhbIJRxjflyzLHAlxIGJNdM7FWdj7zDv3FUXecpGh1BVJJ
> +zp6CJsZ8VoX0yppZDO1uH2Ql7pXNKDsacsnE8bC83jwL5av5TEkxyuOJkFgAeb8G
> +aunxATDeqKdptPVaiY0nOgjaB/m+ZQ5vgX8eErwvmQUnaEV6KJ6pzbKnE86ezZEq
> +g/ZCR2BReCOtAnU8F6oTQVKkifhdUCaCUitgwJyVDA8B0H6Fh1rrl/0jNWnYeja8
> +VzTUPfU6wMLZt32lBeg952qzX41Fc0jJZBVgTsZ2aI58vILeMTjaf9VV2EZwNe8L
> +Ldkm8T2GrsfzQEFRa2/W7SLPt9SWXv/Ygi6w/QIDAQABAoIBAEBJrYvkOnCmMny7
> +GdMd6Qxsz0erLYJnqXs1n/BfehGW9DChEt8mYKoGqMet5Dir/iQ90+m/GrpJM4bQ
> +fiSoTm6q/MJPWNsv9TRMkSBSy4BBwQWuZnnDBRmJptWiRI8k2gqr+gTGUTk8H/vD
> +zUJ41ljjM9ew367aslLt8bp7H7s+JBLi60F9PnnMJ+fZJpdB2trRvzwp0gWN1kEy
> +VQUydSEV1yLT/rFkFcm8gRceTlh2yb3CPbZDMF/CExNahnxFaibKYtXd7J26jHKN
> +TbSPO7Rm6e3AcyLZMxyyC4PcU975Bg22HThZFEYDCYLyZuc4zCHxnWFmtEhEc/Vn
> +AHEaW9ECgYEA4nDLUHt7y6HUUr/TJo5fNJ5Jc/yK+2J/brUmVBiL49j+rvpqfq8A
> +1ozT6Ga6I+PjRhA+CvrjfCG7wUi71rjx1QGThCGUrko7VYG/Un3jus1dem/PR/nq
> +Tt27GTalmwCIjrHxUH6CTv4uOKdd7LlEXNqyqq2UbGShOai0xsOPr2cCgYEA4GJI
> +vohNsuhfjA7K+PdJ3BmRtC5WIUZYthT86//vumn4AURmUJvWc5+q0cC6tPM01HIH
> +BqO/ZFPD7p9GIh9ZbDWsEL5A4r3sLT2vFk3MV9iwiqb0WpZbg9KVuhNOaZ47JKFR
> +YxpaHcLUdcDXvrqz+o/l2ITG5x/FFkMQlRiNMfsCgYEA2R15dEPSIR+bq3QOCyv7
> +kUIr/7Anun1o3keG5p9aki8fk7q7nZhC33TMQkstMvhwlF9Cfditgfn+Qodww6M1
> +DR2jyc9A9hRq68OqJHhcgGIkvR6zyrmPterYWIaTJxnN1bQ8Qwfp/b+tpdikMDQ7
> +niR7pzcj1wJtrBFctDASdwUCgYEAxCUGZA/wo+k/xMYVpic9WHq9hJ1Qy0ucNqcI
> +JSEYpYMGuczaB7MCdxZnE25/h7hmQSPggmxX3VLgHtL6Us/GsrIEVKqLO+o775xR
> +VpTxgQU55iplxl5TZ1uJaRyBWhBosO+XnqMljYiHgtvtfJvmwqxRhsEiwl1iQsCj
> +WUIaA0sCgYAuRXM1HmWzAfCpANJVWyjswr9Zg4KjCC2QSM2XOGaTISyNPyKyQ3Yf
> ++xz41ggx6uss1oyyYTXkZ+mGsJJ3fFZWG3k/w0tZwMhS9RzFd1qJTrMqXy+MeCG1
> +nb2nTEYNih5Yq5A+ZzYWhSZ7qAZP0oFdtb6TaR8ke3SYFpJqZzvD7g==
>  -----END RSA PRIVATE KEY-----
> -- 
> 2.17.2
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/spice-devel/attachments/20181206/b4bb52ee/attachment.sig>


More information about the Spice-devel mailing list