Mercurial > hg
view contrib/packagelib.sh @ 29526:9d02bed8477b
tests: regenerate x509 test certificates
The old x509 test certificates were using cryptographic settings
that are ancient by today's standards, namely 512 bit RSA keys.
To put things in perspective, browsers have been dropping support
for 1024 bit RSA keys.
I think it is important that tests match the realities of the times.
And 2048 bit RSA keys with SHA-2 hashing are what the world is
moving to.
This patch replaces all the x509 certificates with new versions using
modern best practices. In addition, the docs for generating the
keys have been updated, as the existing docs left out a few steps,
namely how to generate certs that were not active yet or expired.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Tue, 12 Jul 2016 22:26:04 -0700 |
| parents | 6474b64045fb |
| children | 13f90dde8f8c |
line wrap: on
line source
# Extract version number into 4 parts, some of which may be empty: # # version: the numeric part of the most recent tag. Will always look like 1.3. # # type: if an rc build, "rc", otherwise empty # # distance: the distance from the nearest tag, or empty if built from a tag # # node: the node|short hg was built from, or empty if built from a tag gethgversion() { make clean make local || make local PURE=--pure HG="$PWD/hg" $HG version > /dev/null || { echo 'abort: hg version failed!'; exit 1 ; } hgversion=`$HG version | sed -ne 's/.*(version \(.*\))$/\1/p'` if echo $hgversion | grep + > /dev/null 2>&1 ; then tmp=`echo $hgversion | cut -d+ -f 2` hgversion=`echo $hgversion | cut -d+ -f 1` distance=`echo $tmp | cut -d- -f 1` node=`echo $tmp | cut -d- -f 2` else distance='' node='' fi if echo $hgversion | grep -- '-' > /dev/null 2>&1; then version=`echo $hgversion | cut -d- -f1` type=`echo $hgversion | cut -d- -f2` else version=$hgversion type='' fi }