From: Tobias Brunner
Date: Mon, 18 Oct 2021 12:27:14 +0000 (+0200)
Subject: testing: Use AES and SHA-256 to protect PKCS#12 files
X-Git-Tag: 5.9.5dr1~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8c48de739d5b49de2ecc0d257cf58a2dec253b4a;p=thirdparty%2Fstrongswan.git

testing: Use AES and SHA-256 to protect PKCS#12 files

The -aes128 option is used when encrypting private keys read from a PKCS#12 file, not when generating such a file.
---
diff --git a/testing/scripts/build-certs-chroot b/testing/scripts/build-certs-chroot
index 4c84f5311c..85f2d03321 100755
--- a/testing/scripts/build-certs-chroot
+++ b/testing/scripts/build-certs-chroot
@@ -343,8 +343,8 @@ HOST_CERT="${DIR}/hosts/moon/${SWANCTL_DIR}/x509/moonCert.pem"
 MOON_PKCS12="${TEST}/hosts/moon/${SWANCTL_DIR}/pkcs12/moonCert.p12"
 mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/pkcs12
 openssl pkcs12 -export -inkey ${HOST_KEY} -in ${HOST_CERT} -name "moon" \
- -certfile ${CA_CERT} -caname "strongSwan Root CA" \
- -aes128 -passout "pass:kUqd8O7mzbjXNJKQ" > ${MOON_PKCS12} 2> /dev/null
+ -certfile ${CA_CERT} -caname "strongSwan Root CA" -keypbe aes-128-cbc \
+ -certpbe aes-128-cbc -macalg sha256 -passout "pass:kUqd8O7mzbjXNJKQ" > ${MOON_PKCS12}
 
 # Create PKCS#12 file for sun
 HOST_KEY="${DIR}/hosts/sun/${SWANCTL_DIR}/rsa/sunKey.pem"
@@ -352,8 +352,8 @@ HOST_CERT="${DIR}/hosts/sun/${SWANCTL_DIR}/x509/sunCert.pem"
 SUN_PKCS12="${TEST}/hosts/sun/${SWANCTL_DIR}/pkcs12/sunCert.p12"
 mkdir -p ${TEST}/hosts/sun/${SWANCTL_DIR}/pkcs12
 openssl pkcs12 -export -inkey ${HOST_KEY} -in ${HOST_CERT} -name "sun" \
- -certfile ${CA_CERT} -caname "strongSwan Root CA" \
- -aes128 -passout "pass:IxjQVCF3JGI+MoPi" > ${SUN_PKCS12} 2> /dev/null
+ -certfile ${CA_CERT} -caname "strongSwan Root CA" -keypbe aes-128-cbc \
+ -certpbe aes-128-cbc -macalg sha256 -passout "pass:IxjQVCF3JGI+MoPi" > ${SUN_PKCS12}
 
 # Put a PKCS#12 copy into the botan/net2net-pkcs12 scenario
 for t in botan/net2net-pkcs12 openssl-ikev2/net2net-pkcs12
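Review bot: The exit status of the `openssl pkcs12 -export` call for moon is still not checked, and because the output is written through `> ${MOON_PKCS12}` the shell creates the file before openssl runs, so a failed export leaves an empty moonCert.p12 in the test tree. Dropping `2> /dev/null` makes the error message visible, but unless the script runs under `set -e` (not visible in this hunk) the build carries on and the problem only shows up later when a scenario fails to load the container. Ending the command with `> ${MOON_PKCS12} || exit 1` would stop at the point of failure; the same applies to the sun export in the next hunk.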
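Review bot: The algorithm selection `-keypbe aes-128-cbc -certpbe aes-128-cbc -macalg sha256` is now written out twice, here for sun and in the moon export above, and nothing in the script records why `-aes128` was not sufficient. A shared variable with a short comment would keep the two fixtures from drifting apart, for example `# -aes128 only applies when reading a PKCS#12 file; -export needs explicit PBE/MAC algorithms` followed by `PKCS12_OPTS="-keypbe aes-128-cbc -certpbe aes-128-cbc -macalg sha256"` (name is only a suggestion) and `${PKCS12_OPTS}` in both commands. This matters because an export that loses these flags falls back to whatever the installed OpenSSL defaults to, which on older releases are presumably the weaker legacy PKCS#12 algorithms this commit is moving away from.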