test: generate des rsa_cert.pfx (!28471) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/everett1992/cert into master Jun 28, 2019

My node distribution uses a shared openssl library with some ciphers disabled, including RC2.

These tests (which use rsa_cert.pfx) fail with unknown cipher:

parallel/test-crypto-binary-default
parallel/test-https-pfx
parallel/test-crypto

This is a regression from 12.4.0

The other fixture .pfx's use the -descert option, I don't know if rsa_cert.pfx was generated without -descert intentionally or not but none of the tests reference RC2, and the tests pass with a des cert.

I'm not an ssl/crypto expert, so I would appreciate any insight.

Old key:

openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin
pass:sample
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

New

openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin
pass:sample
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
commit message follows commit guidelines

Admin message

Admin message

test: generate des rsa_cert.pfx

Checklist

Merge request reports