git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Michal Privoznik <mprivozn@redhat.com>
	Wed, 1 Jul 2020 07:47:48 +0000 (09:47 +0200)
committer	Michal Privoznik <mprivozn@redhat.com>
	Wed, 1 Jul 2020 11:26:04 +0000 (13:26 +0200)
commit	c3fa17cd9a158f38416a80af3e0f712bf96ebf38
tree	7ec2e456332b4761690b8b6384352c2b7f1163a1	tree \| snapshot
parent	d57f361083c5053267e6d9380c1afe2abfcae8ac	commit \| diff

virnettlshelpers: Update private key

With the recent update of Fedora rawhide I've noticed
virnettlssessiontest and virnettlscontexttest failing with:

  Our own certificate servercertreq-ctx.pem failed validation
  against cacertreq-ctx.pem: The certificate uses an insecure
  algorithm

This is result of Fedora changes to support strong crypto [1]. RSA
with 1024 bit key is viewed as legacy and thus insecure. Generate
a new private key then. Moreover, switch to EC which is not only
shorter but also not deprecated that often as RSA. Generated
using the following command:

  openssl genpkey --outform PEM --out privkey.pem \
  --algorithm EC --pkeyopt ec_paramgen_curve:P-384 \
  --pkeyopt ec_param_enc:named_curve

1: https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>