New versions of OpenSSL (1.1.2 here on Debian Testing) reject RSA 1024 now.
Created attachment 353613 [details] Patch
Comment on attachment 353613 [details] Patch Good thing the Apple bots can't handle the SSLCertificateKeyFile arg, or this would have been too easy. :( Why did you need to add that? Does Apache refuse to load the new private key out of the same PEM file as the certificate for some reason?
Created attachment 353625 [details] Patch
Created attachment 353629 [details] Patch
Created attachment 353632 [details] Patch
Comment on attachment 353632 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=353632&action=review Wait for EWS please. > Tools/Scripts/webkitpy/common/system/pemfile.py:94 > -RSA_PRIVATE_KEY = "RSA PRIVATE KEY" > +RSA_PRIVATE_KEY = "PRIVATE KEY" Hm, I wonder why this is needed? You should also rename the variable RSA_PRIVATE_KEY to PRIVATE_KEY.
(In reply to Michael Catanzaro from comment #6) > Comment on attachment 353632 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=353632&action=review > > Wait for EWS please. I don't plan to land this before tomorrow... > > > Tools/Scripts/webkitpy/common/system/pemfile.py:94 > > -RSA_PRIVATE_KEY = "RSA PRIVATE KEY" > > +RSA_PRIVATE_KEY = "PRIVATE KEY" > > Hm, I wonder why this is needed? > Because if you check the diff, "RSA" is gone from the pem file. > You should also rename the variable RSA_PRIVATE_KEY to PRIVATE_KEY. Sure!
All green!
Committed r237727: <https://trac.webkit.org/changeset/237727>
<rdar://problem/45758148>