From: Kashyap Chamarthy <kchamart@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
qemu-devel@nongnu.org, qemu-block@nongnu.org,
Max Reitz <mreitz@redhat.com>
Subject: Re: [PATCH v2] crypto: use a stronger private key for tests
Date: Thu, 16 Jul 2020 10:20:27 +0200 [thread overview]
Message-ID: <20200716082027.GB11047@paraplu> (raw)
In-Reply-To: <20200715154701.1041325-1-berrange@redhat.com>
On Wed, Jul 15, 2020 at 04:47:01PM +0100, Daniel P. Berrangé wrote:
> The unit tests using the x509 crypto functionality have started
> failing in Fedora 33 rawhide with a message like
>
> The certificate uses an insecure algorithm
>
> This is result of Fedora changes to support strong crypto [1]. RSA
It looks like the reference [1] is supposed to resolve to the following
URL:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
Whoever is applying the patch might want to tweak the commit. FWIW:
Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>
> with 1024 bit key is viewed as legacy and thus insecure. Generate
> a new private key which is 3072 bits long and reasonable future
> proof.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>
> Changed in v2:
>
> - ALso fix the I/O tests key
> - Use RSA key again instead of EC, since it is needed
> for the real TLS sessions in the I/O tests
>
> tests/crypto-tls-x509-helpers.c | 59 ++++++++++++++++++++++-----------
> tests/qemu-iotests/common.tls | 57 +++++++++++++++++++++----------
> 2 files changed, 79 insertions(+), 37 deletions(-)
>
[...]
--
/kashyap
next prev parent reply other threads:[~2020-07-16 8:23 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-15 15:47 [PATCH v2] crypto: use a stronger private key for tests Daniel P. Berrangé
2020-07-15 16:08 ` Philippe Mathieu-Daudé
2020-07-15 16:39 ` Daniel P. Berrangé
2020-07-16 8:20 ` Kashyap Chamarthy [this message]
2020-07-16 13:33 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200716082027.GB11047@paraplu \
--to=kchamart@redhat.com \
--cc=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).