From: Jeff King Date: Wed, 1 Feb 2023 11:39:26 +0000 (-0500) Subject: t/lib-httpd: increase ssl key size to 2048 bits X-Git-Tag: v2.40.0-rc0~30^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b08edf709dfcd79c3691370930cd89c4b9b16d2f;p=thirdparty%2Fgit.git t/lib-httpd: increase ssl key size to 2048 bits Recent versions of openssl will refuse to work with 1024-bit RSA keys, as they are considered insecure. I didn't track down the exact version in which the defaults were tightened, but the Debian-package openssl 3.0 on my system yields: $ LIB_HTTPD_SSL=1 ./t5551-http-fetch-smart.sh -v -i [...] SSL Library Error: error:0A00018F:SSL routines::ee key too small 1..0 # SKIP web server setup failed This could probably be overcome with configuration, but that's likely to be a headache (especially if it requires touching /etc/openssl). Let's just pick a key size that's less outrageously out of date. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- diff --git a/t/lib-httpd/ssl.cnf b/t/lib-httpd/ssl.cnf index 6dab2579cb..812e8253f0 100644 --- a/t/lib-httpd/ssl.cnf +++ b/t/lib-httpd/ssl.cnf @@ -1,7 +1,7 @@ RANDFILE = $ENV::RANDFILE_PATH [ req ] -default_bits = 1024 +default_bits = 2048 distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ]