mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-11-01 18:51:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 21

bpo-38271: encrypt private key test files with AES256 (GH-16385)

Browse source 
The private keys for test_ssl were encrypted with 3DES in traditional
PKCS#5 format. 3DES and the digest algorithm of PKCS#5 are blocked by
some strict crypto policies. Use PKCS#8 format with AES256 encryption
instead.

Signed-off-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue38271



Automerge-Triggered-By: @tiran
This commit is contained in:
Christian Heimes 2019-09-25 17:55:02 +02:00 committed by Miss Islington (bot)
parent 543a3951a1
commit bfd0c963d8
4 changed files with 91 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Lib/test/make_ssl_certs.py
View file

@ -206,8 +206,8 @@ if __name__ == '__main__':
with open('ssl_key.pem', 'w') as f:
f.write(key)
print("password protecting ssl_key.pem in ssl_key.passwd.pem")
check_call(['openssl','rsa','-in','ssl_key.pem','-out','ssl_key.passwd.pem','-des3','-passout','pass:somepass'])
check_call(['openssl','rsa','-in','ssl_key.pem','-out','keycert.passwd.pem','-des3','-passout','pass:somepass'])
check_call(['openssl','pkey','-in','ssl_key.pem','-out','ssl_key.passwd.pem','-aes256','-passout','pass:somepass'])
check_call(['openssl','pkey','-in','ssl_key.pem','-out','keycert.passwd.pem','-aes256','-passout','pass:somepass'])
with open('keycert.pem', 'w') as f:
f.write(key)