|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
From 233eb64672bfa3430daa0a08786145162fd8a8c8 Mon Sep 17 00:00:00 2001
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
From: Fabien Boucher <fboucher@redhat.com>
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
Date: Tue, 21 Jul 2020 10:27:57 +0000
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
Subject: [PATCH] Bump crypto requirement to accomodate security standards
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
On Fedora rawhide the gear package no longer build.
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
https://koschei.fedoraproject.org/package/python-gear?
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
This patch ensures that the ssl engine does not complains about:
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
- ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:2951)
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
- ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:2951)
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
To reproduce the issue:
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
podman run -it --root fedora:rawhide
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
dnf install git libffi-devel python-devel tox gcc
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
git clone https://opendev.org/opendev/gear.git && cd gear
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
tox -epy39
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
tox -epy38
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
Change-Id: I57cd9c4750f27b7b76e92a0eef03e7de70c13dd5
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
---
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
gear/tests/test_functional.py | 4 ++--
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
diff --git a/gear/tests/test_functional.py b/gear/tests/test_functional.py
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
index 3bca907..ca9b8c1 100644
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
--- a/gear/tests/test_functional.py
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
+++ b/gear/tests/test_functional.py
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
@@ -78,7 +78,7 @@ class TestFunctional(tests.BaseTestCase):
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
def create_cert(self, cn, issuer=None, signing_key=None):
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
key = crypto.PKey()
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
- key.generate_key(crypto.TYPE_RSA, 1024)
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
+ key.generate_key(crypto.TYPE_RSA, 2048)
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
cert = crypto.X509()
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
subject = cert.get_subject()
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
@@ -97,7 +97,7 @@ class TestFunctional(tests.BaseTestCase):
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
else:
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
cert.set_issuer(subject)
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
if signing_key:
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
- cert.sign(signing_key, 'sha1')
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
+ cert.sign(signing_key, 'sha256')
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
else:
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
cert.sign(key, 'sha1')
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
--
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
2.28.0.rc1
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
|
|
![](https://seccdn.libravatar.org/avatar/5e1593adc5227d97795adad19901445955d494f5479d85a639d655455ae6504e?s=16&d=retro) |
9126fc1 |
|