tree a13a05d477df5cecf1540ea6c5b3c78287c7cda1
parent 6d5d59fe0fefbb43604398845edf902c651da353
author Evgeny Kotkov <kotkov@apache.org> 1655299210 +0000
committer Evgeny Kotkov <kotkov@apache.org> 1655299210 +0000

Update test certificates

1. cacert_nul.pem
2. servercert_cn_nul.pem
3. servercert_cnsan_nul.pem
4. servercert_san_nul.pem

to SHA256 from SHA1.

- It's consistent with all other test certificates created by create_certs.py.
- It's more realistic. Certificates signed using SHA1 are considered insecure
and are not supported by modern browsers.
- It will be useful for future support of OpenSSL 3.0, where certificates
signed using SHA1 are not allowed at default security level [1]:

[[[
X509 certificates signed using SHA1 are no longer allowed at security level 1
and above.

In TLS/SSL the default security level is 1. It can be set either using the
cipher string with @SECLEVEL, or calling SSL_CTX_set_security_level(3). If the
leaf certificate is signed with SHA-1, a call to SSL_CTX_use_certificate(3)
will fail if the security level is not lowered first.
]]]

[1] https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Patch by: Denis Kovalchuk <denis.kovalchuk{_AT_}visualsvn.com>

* test/certs/cacert_nul.pem,
  test/certs/servercert_cn_nul.pem,
  test/certs/servercert_cnsan_nul.pem,
  test/certs/servercert_san_nul.pem: Sign using SHA256 instead of SHA1.


git-svn-id: https://svn.apache.org/repos/asf/serf/trunk@1901936 13f79535-47bb-0310-9956-ffa450edef68