test: generate des rsa_cert.pfx

My node distribution uses a shared openssl library with some ciphers disabled, including RC2. These tests (which use `rsa_cert.pfx`) fail with `unknown cipher`: - parallel/test-crypto-binary-default - parallel/test-https-pfx - parallel/test-crypto The other fixture .pfx's use the `-descert` option, I don't know if rsa_cert.pfx was generated without `-descert` intentionally or not but none of the tests reference RC2, and the tests pass with a des cert. I'm not an ssl/crypto expert, so I would appreciate any insight. Old key: ``` openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin pass:sample MAC Iteration 2048 MAC verified OK PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048 Certificate bag PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 ``` New ``` openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin pass:sample MAC Iteration 2048 MAC verified OK PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 Certificate bag PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 ``` PR-URL: nodejs#28471 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rich Trott <rtrott@gmail.com>
Trott · Jul 6, 2019 · 6aafee1 · 6aafee1
1 parent ba565a3
commit 6aafee1
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 1 deletion.
diff --git a/test/fixtures/keys/Makefile b/test/fixtures/keys/Makefile
@@ -631,7 +631,7 @@ rsa_cert.crt: rsa_private.pem
 	openssl req -new -x509 -days 99999 -key rsa_private.pem -config rsa_cert.cnf -out rsa_cert.crt
 
 rsa_cert.pfx: rsa_cert.crt
-	openssl pkcs12 -export -passout 'pass:sample' -inkey rsa_private.pem -in rsa_cert.crt -out rsa_cert.pfx
+	openssl pkcs12 -export -descert -passout 'pass:sample' -inkey rsa_private.pem -in rsa_cert.crt -out rsa_cert.pfx
 
 rsa_ca.crt: rsa_cert.crt
 	cp rsa_cert.crt rsa_ca.crt

diff --git a/test/fixtures/keys/rsa_cert.pfx b/test/fixtures/keys/rsa_cert.pfx