Return-Path: X-Original-To: apmail-perl-test-commits-archive@www.apache.org Delivered-To: apmail-perl-test-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3A97417D3E for ; Sun, 27 Sep 2015 13:05:46 +0000 (UTC) Received: (qmail 43682 invoked by uid 500); 27 Sep 2015 13:05:43 -0000 Mailing-List: contact test-commits-help@perl.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: test-dev@perl.apache.org Delivered-To: mailing list test-commits@perl.apache.org Received: (qmail 43673 invoked by uid 99); 27 Sep 2015 13:05:43 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 27 Sep 2015 13:05:43 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 900381809D1 for ; Sun, 27 Sep 2015 13:05:42 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.005 X-Spam-Level: X-Spam-Status: No, score=-0.005 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.006, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id jYqJ4fW4BAKQ for ; Sun, 27 Sep 2015 13:05:37 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTP id 584EA20515 for ; Sun, 27 Sep 2015 13:05:36 +0000 (UTC) Received: from svn01-us-west.apache.org (svn.apache.org [10.41.0.6]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 5FBDCE07B5 for ; Sun, 27 Sep 2015 13:05:35 +0000 (UTC) Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by 
svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 2A1C83A0634 for ; Sun, 27 Sep 2015 13:05:35 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1705534 - /perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm Date: Sun, 27 Sep 2015 13:05:35 -0000 To: test-commits@perl.apache.org From: kbrand@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20150927130535.2A1C83A0634@svn01-us-west.apache.org> Author: kbrand Date: Sun Sep 27 13:05:34 2015 New Revision: 1705534 URL: http://svn.apache.org/viewvc?rev=1705534&view=rev Log: update key sizes and message digest to what is common in 2015 Modified: perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm Modified: perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm URL: http://svn.apache.org/viewvc/perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm?rev=1705534&r1=1705533&r2=1705534&view=diff ============================================================================== --- perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm (original) +++ perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm Sun Sep 27 13:05:34 2015 @@ -46,6 +46,7 @@ my $cakey = 'keys/ca.pem'; my $cacert = 'certs/ca.crt'; my $capolicy = '-policy policy_anything'; my $cacrl = 'crl/ca-bundle.crl'; +my $dgst = 'sha256'; #we use the same password for everything my $pass = 'httpd'; @@ -57,6 +58,12 @@ my $email_field = Apache::Test::normaliz Apache::Test::normalize_vstring("0.9.7") ? "Email" : "emailAddress"; +# downgrade to SHA-1 for OpenSSL before 0.9.8 +if (Apache::Test::normalize_vstring($version) < + Apache::Test::normalize_vstring("0.9.8")) { + $dgst = 'sha1'; +} + my $ca_dn = { asf => { C => 'US', @@ -211,7 +218,7 @@ sub config_file { distinguished_name = req_distinguished_name attributes = req_attributes prompt = no -default_bits = 1024 +default_bits = 2048 output_password = $pass [ req_distinguished_name ] 
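Review bot: The downgrade check added before `my $ca_dn` appears to treat an undetected OpenSSL version as older than 0.9.8, which would silently select SHA-1. `$version` is assigned outside this hunk; if it comes from the `version` sub whose tail is visible in the last hunk (it can fall through to `return 0;`), a failed probe would make the comparison true. Guarding the test keeps the stronger default in that case: `if ($version && Apache::Test::normalize_vstring($version) < Apache::Test::normalize_vstring("0.9.8")) {`. A `warn` inside the branch would also make the downgrade visible in the test output.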
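Review bot: The request settings in config_file get `default_bits = 2048` but, as far as this hunk shows, no `default_md`, so `$dgst` takes effect only through the CA section changed in the next hunk. Anything signed by `openssl req` itself (the requests, or a self-signed CA certificate if the module creates it that way) would keep OpenSSL's built-in default digest, which on older releases is weaker than SHA-256. Adding `default_md = $dgst` next to `default_bits` would keep both signing paths consistent. The section header and the rest of the heredoc are outside the hunk, so confirm that no `default_md` is already set above.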
@@ -242,7 +249,7 @@ private_key = $cakey # The pr default_days = 365 # how long to certify for default_crl_days = 365 # how long before next CRL -default_md = sha1 # which md to use. +default_md = $dgst # which md to use. preserve = no # keep passed DN ordering [ policy_anything ] @@ -305,12 +312,12 @@ sub new_key { #this takes a long time so just do it once #don't do this in real life unless (-e 'dsa-param') { - openssl dsaparam => '-inform PEM -out dsa-param 1024'; + openssl dsaparam => '-inform PEM -out dsa-param 2048'; } openssl gendsa => "dsa-param $out"; } else { - openssl genrsa => "$out 1024"; + openssl genrsa => "$out 2048"; } } @@ -552,5 +559,9 @@ sub version { return 0; } +sub dgst { + return $dgst; +} + 1; __END__
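Review bot: The `unless (-e 'dsa-param')` guard in new_key reuses an existing parameter file without checking its size, so a `dsa-param` left over from a run before this change would keep supplying 1024-bit parameters to `openssl gendsa`. Writing the parameters to a size-specific name, for example `dsa-param-2048`, and passing that name to `gendsa` would force regeneration; otherwise the change note should say that the generated CA directory has to be cleaned. The start of new_key is outside the hunk, so whether the directory is always rebuilt cannot be seen from here.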
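Review bot: The new `dgst` accessor has no comment or POD entry, and its name does not tell callers that the value depends on the OpenSSL version probed when the module loads. I would add `# Digest used for CA signing: 'sha256', or 'sha1' when OpenSSL is older than 0.9.8.` above the sub. Whether the sub should also appear in an export list or in the module's POD is not visible in this hunk.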