On Wed, Oct 3, 2018 at 1:32 PM Michael Paquier <michael@paquier.xyz> wrote:
> On Mon, Oct 01, 2018 at 09:18:01PM +0900, Kyotaro HORIGUCHI wrote:
> > The attached second patch just changes key size to 2048 bits and
> > "ee key too small" are eliminated in 001_ssltests_master, but
> > instead I got "ca md too weak" error. This is eliminated by using
> > sha256 instead of sha1 in cas.config. (third attached)
>
> I find your suggestion quite tempting at the end instead of having to
> tweak the global system's configuration. That should normally work with
> any configuration. This would require regenerating the certs in the
> tree. Any thoughts from others?
I don't really have opinion here, but I wanted to point out that
src/test/ldap/t/001_auth.pl creates new certs on the fly, which is a
bit inconsistent with the SSL test's approach of certs-in-the-tree.
Which is better?
--
Thomas Munro
http://www.enterprisedb.com