Skip to content

test: generate des rsa_cert.pfx#28471

Closed
everett1992 wants to merge 1 commit intonodejs:masterfrom
everett1992:cert
Closed

test: generate des rsa_cert.pfx#28471
everett1992 wants to merge 1 commit intonodejs:masterfrom
everett1992:cert

Conversation

@everett1992
Copy link
Contributor

@everett1992 everett1992 commented Jun 28, 2019

My node distribution uses a shared openssl library with some ciphers
disabled, including RC2.

These tests (which use rsa_cert.pfx) fail with unknown cipher:

  • parallel/test-crypto-binary-default
  • parallel/test-https-pfx
  • parallel/test-crypto

This is a regression from 12.4.0

The other fixture .pfx's use the -descert option, I don't know if
rsa_cert.pfx was generated without -descert intentionally or not but
none of the tests reference RC2, and the tests pass with a des cert.

I'm not an ssl/crypto expert, so I would appreciate any insight.

Old key:

openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin
pass:sample
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

New

openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin
pass:sample
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added the test Issues and PRs related to the tests. label Jun 28, 2019
@everett1992
test: generate des rsa_cert.pfx
5461c1e 
My node distribution uses a shared openssl library with some ciphers
disabled, including RC2.

These tests (which use `rsa_cert.pfx`) fail with `unknown cipher`:
 - parallel/test-crypto-binary-default
 - parallel/test-https-pfx
 - parallel/test-crypto

The other fixture .pfx's use the `-descert` option, I don't know if
rsa_cert.pfx was generated without `-descert` intentionally or not but
none of the tests reference RC2, and the tests pass with a des cert.

I'm not an ssl/crypto expert, so I would appreciate any insight.

Old key:
```
openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin
pass:sample
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
```

New
```
openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin
pass:sample
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
```
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jun 30, 2019

CI: https://ci.nodejs.org/job/node-test-pull-request/24173/

bnoordhuis
bnoordhuis approved these changes Jun 30, 2019
View reviewed changes
Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the pull request. The reason for RC2 is simply because that's openssl pkcs12's default.

@bnoordhuis bnoordhuis added the crypto Issues and PRs related to the crypto subsystem. label Jun 30, 2019
@everett1992
Copy link
Contributor Author

everett1992 commented Jul 1, 2019

None of the failing checks look related to my change. Am I expected to fix them in order to merge this PR?

@Trott
Copy link
Member

Trott commented Jul 1, 2019

None of the failing checks look related to my change. Am I expected to fix them in order to merge this PR?

No, not if they are clearly unrelated.

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jul 1, 2019

CI: https://ci.nodejs.org/job/node-test-pull-request/24180/

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jul 2, 2019

CI: https://ci.nodejs.org/job/node-test-pull-request/24208/

@BridgeAR BridgeAR added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Jul 4, 2019
@Trott
Copy link
Member

Trott commented Jul 6, 2019

Landed in 6aafee1.

Thanks for the contribution! 🎉

@Trott Trott closed this Jul 6, 2019
Trott pushed a commit to Trott/io.js that referenced this pull request Jul 6, 2019
@everett1992 @Trott
test: generate des rsa_cert.pfx
6aafee1 
My node distribution uses a shared openssl library with some ciphers
disabled, including RC2.

These tests (which use `rsa_cert.pfx`) fail with `unknown cipher`:
 - parallel/test-crypto-binary-default
 - parallel/test-https-pfx
 - parallel/test-crypto

The other fixture .pfx's use the `-descert` option, I don't know if
rsa_cert.pfx was generated without `-descert` intentionally or not but
none of the tests reference RC2, and the tests pass with a des cert.

I'm not an ssl/crypto expert, so I would appreciate any insight.

Old key:
```
openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin
pass:sample
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
```

New
```
openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin
pass:sample
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
```

PR-URL: nodejs#28471
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
targos pushed a commit that referenced this pull request Jul 20, 2019
@everett1992 @targos
test: generate des rsa_cert.pfx
c3311c2 
My node distribution uses a shared openssl library with some ciphers
disabled, including RC2.

These tests (which use `rsa_cert.pfx`) fail with `unknown cipher`:
 - parallel/test-crypto-binary-default
 - parallel/test-https-pfx
 - parallel/test-crypto

The other fixture .pfx's use the `-descert` option, I don't know if
rsa_cert.pfx was generated without `-descert` intentionally or not but
none of the tests reference RC2, and the tests pass with a des cert.

I'm not an ssl/crypto expert, so I would appreciate any insight.

Old key:
```
openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin
pass:sample
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
```

New
```
openssl pkcs12 -info -in test/fixtures/keys/rsa_cert.pfx -noout -passin
pass:sample
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
```

PR-URL: #28471
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This was referenced Jul 23, 2019
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bnoordhuis bnoordhuis bnoordhuis approved these changes

@Trott Trott Trott approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. crypto Issues and PRs related to the crypto subsystem. test Issues and PRs related to the tests.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@everett1992 @nodejs-github-bot @Trott @bnoordhuis @BridgeAR