Opened 10 years ago
Closed 9 years ago
#400 closed Bug / Defect (fixed)
Please update sample certs to use sha1 or better
| Reported by: | limburgher | Owned by: | Steffan Karger |
|---|---|---|---|
| Priority: | minor | Milestone: | release 2.3.6 |
| Component: | Certificates | Version: | OpenVPN 2.3.4 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
In Fedora rawhide(21) and above, openssl no longer supports md5. This means that testing openvpn with md5-based certs fails.
Change History (4)
comment:1 follow-up: 2 Changed 10 years ago by
| Owner: | set to Steffan Karger |
|---|---|
| Status: | new → accepted |
comment:2 Changed 10 years ago by
Replying to syzzer:
Or even better, replace them with a script that generates a test certificate chain. Such scripts should then indeed use stronger algorithms and larger key sizes.
Will be fixed 'soonish'.
Sounds good!
comment:3 Changed 9 years ago by
FYI: Took me a bit longer than I hoped for, but there's a patch on the mailinglist for this, waiting for review:
http://article.gmane.org/gmane.network.openvpn.devel/9168
comment:4 Changed 9 years ago by
| Milestone: | → release 2.3.6 |
|---|---|
| Resolution: | → fixed |
| Status: | accepted → closed |
... and the patches are in:
https://github.com/OpenVPN/openvpn/commit/13b2313 (master)
https://github.com/OpenVPN/openvpn/commit/b77c27a (release/2.3)
Note: See
TracTickets for help on using
tickets.
Or even better, replace them with a script that generates a test certificate chain. Such scripts should then indeed use stronger algorithms and larger key sizes.
Will be fixed 'soonish'.