RESOLVED FIXED 191156
[Apache] Self-signed SSL certificate RSA key is considered too weak
https://bugs.webkit.org/show_bug.cgi?id=191156
Philippe Normand
Reported 2018-11-01 10:15:06 PDT
New versions of OpenSSL (1.1.2 here on Debian Testing) reject RSA 1024 now.
Attachments
Patch (8.09 KB, patch)
2018-11-01 10:20 PDT, Philippe Normand
no flags
Patch (5.71 KB, patch)
2018-11-01 11:55 PDT, Philippe Normand
no flags
Patch (6.88 KB, patch)
2018-11-01 12:15 PDT, Philippe Normand
no flags
Patch (9.60 KB, patch)
2018-11-01 12:18 PDT, Philippe Normand
mcatanzaro: review+
Philippe Normand
Comment 1 2018-11-01 10:20:07 PDT
Michael Catanzaro
Comment 2 2018-11-01 10:47:27 PDT
Comment on attachment 353613
Patch

Good thing the Apple bots can't handle the SSLCertificateKeyFile arg, or this would have been too easy. :(

Why did you need to add that? Does Apache refuse to load the new private key out of the same PEM file as the certificate for some reason?
Philippe Normand
Comment 3 2018-11-01 11:55:32 PDT
Philippe Normand
Comment 4 2018-11-01 12:15:39 PDT
Philippe Normand
Comment 5 2018-11-01 12:18:42 PDT
Michael Catanzaro
Comment 6 2018-11-01 12:19:59 PDT
Comment on attachment 353632
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=353632&action=review

Wait for EWS please.

> Tools/Scripts/webkitpy/common/system/pemfile.py:94
> -RSA_PRIVATE_KEY = "RSA PRIVATE KEY"
> +RSA_PRIVATE_KEY = "PRIVATE KEY"

Hm, I wonder why this is needed?

You should also rename the variable RSA_PRIVATE_KEY to PRIVATE_KEY.
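Review bot: the changed line at pemfile.py:94 swaps the section marker from "RSA PRIVATE KEY" to "PRIVATE KEY" with no comment saying why, which is what prompted the question above. "RSA PRIVATE KEY" is the traditional PKCS#1 PEM label and "PRIVATE KEY" is the PKCS#8 one, so a one-line comment naming the format next to the constant would document the change. If pemfile.py looks sections up by exact label, a PEM file that still carries the old "RSA PRIVATE KEY" header will no longer be found under this constant; consider whether the lookup should accept both labels.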
Philippe Normand
Comment 7 2018-11-01 12:38:26 PDT
(In reply to Michael Catanzaro from comment #6)
> Comment on attachment 353632 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=353632&action=review
>
> Wait for EWS please.

I don't plan to land this before tomorrow...

> > Tools/Scripts/webkitpy/common/system/pemfile.py:94
> > -RSA_PRIVATE_KEY = "RSA PRIVATE KEY"
> > +RSA_PRIVATE_KEY = "PRIVATE KEY"
>
> Hm, I wonder why this is needed?

Because if you check the diff, "RSA" is gone from the pem file.

> You should also rename the variable RSA_PRIVATE_KEY to PRIVATE_KEY.

Sure!
Michael Catanzaro
Comment 8 2018-11-01 20:32:25 PDT
All green!
Philippe Normand
Comment 9 2018-11-02 03:04:46 PDT
Radar WebKit Bug Importer
Comment 10 2018-11-02 03:05:26 PDT