From 233eb64672bfa3430daa0a08786145162fd8a8c8 Mon Sep 17 00:00:00 2001

From: Fabien Boucher <fboucher@redhat.com>

Date: Tue, 21 Jul 2020 10:27:57 +0000

Subject: [PATCH] Bump crypto requirement to accomodate security standards

On Fedora rawhide the gear package no longer build.

https://koschei.fedoraproject.org/package/python-gear?

This patch ensures that the ssl engine does not complains about:

- ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:2951)

- ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:2951)

To reproduce the issue:

podman run -it --root fedora:rawhide

dnf install git libffi-devel python-devel tox gcc

git clone https://opendev.org/opendev/gear.git && cd gear

tox -epy39

tox -epy38

Change-Id: I57cd9c4750f27b7b76e92a0eef03e7de70c13dd5

---

 gear/tests/test_functional.py | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gear/tests/test_functional.py b/gear/tests/test_functional.py

index 3bca907..ca9b8c1 100644

--- a/gear/tests/test_functional.py

+++ b/gear/tests/test_functional.py

@@ -78,7 +78,7 @@ class TestFunctional(tests.BaseTestCase):

     def create_cert(self, cn, issuer=None, signing_key=None):

         key = crypto.PKey()

-        key.generate_key(crypto.TYPE_RSA, 1024)

+        key.generate_key(crypto.TYPE_RSA, 2048)

         cert = crypto.X509()

         subject = cert.get_subject()

@@ -97,7 +97,7 @@ class TestFunctional(tests.BaseTestCase):

         else:

             cert.set_issuer(subject)

         if signing_key:

-            cert.sign(signing_key, 'sha1')

+            cert.sign(signing_key, 'sha256')

         else:

             cert.sign(key, 'sha1')

-- 

2.28.0.rc1