diff options
| author | Christian Heimes <christian@python.org> | 2019-09-25 17:55:02 +0200 |
|---|---|---|
| committer | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2019-09-25 08:55:02 -0700 |
| commit | bfd0c963d88f3df69489ee250655e2b8f3d235bd (patch) | |
| tree | 3f44b427ae53df34968ebeeeaf58bf98019a9256 /Lib/test/make_ssl_certs.py | |
| parent | 543a3951a1c96bae0ea839eacec71d3b1a563a10 (diff) | |
| download | cpython-bfd0c963d88f3df69489ee250655e2b8f3d235bd.tar.gz cpython-bfd0c963d88f3df69489ee250655e2b8f3d235bd.zip | |
bpo-38271: encrypt private key test files with AES256 (GH-16385)
The private keys for test_ssl were encrypted with 3DES in traditional
PKCS#5 format. 3DES and the digest algorithm of PKCS#5 are blocked by
some strict crypto policies. Use PKCS#8 format with AES256 encryption
instead.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38271
Automerge-Triggered-By: @tiran
Diffstat (limited to 'Lib/test/make_ssl_certs.py')
| -rw-r--r-- | Lib/test/make_ssl_certs.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Lib/test/make_ssl_certs.py b/Lib/test/make_ssl_certs.py index 362276583f5..41b5f46c882 100644 --- a/Lib/test/make_ssl_certs.py +++ b/Lib/test/make_ssl_certs.py @@ -206,8 +206,8 @@ if __name__ == '__main__': with open('ssl_key.pem', 'w') as f: f.write(key) print("password protecting ssl_key.pem in ssl_key.passwd.pem") - check_call(['openssl','rsa','-in','ssl_key.pem','-out','ssl_key.passwd.pem','-des3','-passout','pass:somepass']) - check_call(['openssl','rsa','-in','ssl_key.pem','-out','keycert.passwd.pem','-des3','-passout','pass:somepass']) + check_call(['openssl','pkey','-in','ssl_key.pem','-out','ssl_key.passwd.pem','-aes256','-passout','pass:somepass']) + check_call(['openssl','pkey','-in','ssl_key.pem','-out','keycert.passwd.pem','-aes256','-passout','pass:somepass']) with open('keycert.pem', 'w') as f: f.write(key) |