Opened 6 years ago

Closed 6 years ago

#400 closed Bug / Defect (fixed)

Please update sample certs to use sha1 or better

Reported by: limburgher Owned by: Steffan Karger
Priority: minor Milestone: release 2.3.6
Component: Certificates Version: OpenVPN 2.3.4 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

In Fedora rawhide(21) and above, openssl no longer supports md5. This means that testing openvpn with md5-based certs fails.

Change History (4)

comment:1 Changed 6 years ago by Steffan Karger

Owner: set to Steffan Karger
Status: newaccepted

Or even better, replace them with a script that generates a test certificate chain. Such scripts should then indeed use stronger algorithms and larger key sizes.

Will be fixed 'soonish'.

comment:2 in reply to:  1 Changed 6 years ago by i.gnatenko.brain

Replying to syzzer:

Or even better, replace them with a script that generates a test certificate chain. Such scripts should then indeed use stronger algorithms and larger key sizes.

Will be fixed 'soonish'.

Sounds good!

comment:3 Changed 6 years ago by Steffan Karger

FYI: Took me a bit longer than I hoped for, but there's a patch on the mailinglist for this, waiting for review:
http://article.gmane.org/gmane.network.openvpn.devel/9168

comment:4 Changed 6 years ago by Steffan Karger

Milestone: release 2.3.6
Resolution: fixed
Status: acceptedclosed
Note: See TracTickets for help on using tickets.