curl/tests/certs/EdelCurlRoot-ca.cnf
Paul Howarth ef07452a5c
tests: avoid use of sha1 in certificates
The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RHEL-9 and derivatives, which are not willing to use certificates using
that algorithm. The fix is to use sha256 instead, which is already used
for most of the other certificates in the test suite.

Fixes #10135

This gets rid of issues related to sha1 signatures.

Manual steps after "make clean-certs" and "make build-certs":

- Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
  (make clean-certs does not remove the original tests/stunnel.pem)

- Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
  options of tests/data/test2041 and tests/data/test2087

Closes #10153
2022-12-26 09:47:43 +01:00

12 lines
242 B
INI

[ ca ]
default_ca = EdelCurlRoot
[ EdelCurlRoot ]
database = EdelCurlRoot-ca.db
certificate = EdelCurlRoot-ca.crt
private_key = EdelCurlRoot-ca.key
crlnumber = EdelCurlRoot-ca.cnt
default_md = sha256
default_days = 365
default_crl_days = 30