• M
    virnettlshelpers: Update private key · c3fa17cd
    Michal Privoznik 提交于
    With the recent update of Fedora rawhide I've noticed
    virnettlssessiontest and virnettlscontexttest failing with:
    
      Our own certificate servercertreq-ctx.pem failed validation
      against cacertreq-ctx.pem: The certificate uses an insecure
      algorithm
    
    This is result of Fedora changes to support strong crypto [1]. RSA
    with 1024 bit key is viewed as legacy and thus insecure. Generate
    a new private key then. Moreover, switch to EC which is not only
    shorter but also not deprecated that often as RSA. Generated
    using the following command:
    
      openssl genpkey --outform PEM --out privkey.pem \
      --algorithm EC --pkeyopt ec_paramgen_curve:P-384 \
      --pkeyopt ec_param_enc:named_curve
    
    1: https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
    Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
    c3fa17cd
virnettlshelpers.c 14.0 KB