-
Notifications
You must be signed in to change notification settings - Fork 30.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: generate des rsa_cert.pfx #28471
Conversation
My node distribution uses a shared openssl library with some ciphers disabled, including RC2. These tests (which use `rsa_cert.pfx`) fail with `unknown cipher`: - parallel/test-crypto-binary-default - parallel/test-https-pfx - parallel/test-crypto The other fixture .pfx's use the `-descert` option, I don't know if rsa_cert.pfx was generated without `-descert` intentionally or not but none of the tests reference RC2, and the tests pass with a des cert. I'm not an ssl/crypto expert, so I would appreciate any insight. Old key: ``` openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin pass:sample MAC Iteration 2048 MAC verified OK PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048 Certificate bag PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 ``` New ``` openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin pass:sample MAC Iteration 2048 MAC verified OK PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 Certificate bag PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 ```
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the pull request. The reason for RC2 is simply because that's openssl pkcs12
's default.
None of the failing checks look related to my change. Am I expected to fix them in order to merge this PR? |
No, not if they are clearly unrelated. |
Landed in 6aafee1. Thanks for the contribution! 🎉 |
My node distribution uses a shared openssl library with some ciphers disabled, including RC2. These tests (which use `rsa_cert.pfx`) fail with `unknown cipher`: - parallel/test-crypto-binary-default - parallel/test-https-pfx - parallel/test-crypto The other fixture .pfx's use the `-descert` option, I don't know if rsa_cert.pfx was generated without `-descert` intentionally or not but none of the tests reference RC2, and the tests pass with a des cert. I'm not an ssl/crypto expert, so I would appreciate any insight. Old key: ``` openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin pass:sample MAC Iteration 2048 MAC verified OK PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048 Certificate bag PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 ``` New ``` openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin pass:sample MAC Iteration 2048 MAC verified OK PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 Certificate bag PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 ``` PR-URL: nodejs#28471 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rich Trott <rtrott@gmail.com>
My node distribution uses a shared openssl library with some ciphers disabled, including RC2. These tests (which use `rsa_cert.pfx`) fail with `unknown cipher`: - parallel/test-crypto-binary-default - parallel/test-https-pfx - parallel/test-crypto The other fixture .pfx's use the `-descert` option, I don't know if rsa_cert.pfx was generated without `-descert` intentionally or not but none of the tests reference RC2, and the tests pass with a des cert. I'm not an ssl/crypto expert, so I would appreciate any insight. Old key: ``` openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin pass:sample MAC Iteration 2048 MAC verified OK PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048 Certificate bag PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 ``` New ``` openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin pass:sample MAC Iteration 2048 MAC verified OK PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 Certificate bag PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 ``` PR-URL: #28471 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rich Trott <rtrott@gmail.com>
My node distribution uses a shared openssl library with some ciphers
disabled, including RC2.
These tests (which use
rsa_cert.pfx
) fail withunknown cipher
:This is a regression from 12.4.0
The other fixture .pfx's use the
-descert
option, I don't know ifrsa_cert.pfx was generated without
-descert
intentionally or not butnone of the tests reference RC2, and the tests pass with a des cert.
I'm not an ssl/crypto expert, so I would appreciate any insight.
Old key:
New
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes