bpo-36816: Update self-signed certs to 4096+SHA256 (GH-3)

gpshead · web-flow · commit 10055416a615 · 2019-05-07T21:22:48.000-04:00
The self-signed.pythontest.net certificates are weak and thus rejected by the default config of modern OS/distro TLS client configs such as Debian Buster. (they were 1024bit RSA using SHA1) https://bugs.python.org/issue36816 ``` $ openssl version OpenSSL 1.1.1b 26 Feb 2019 $ openssl req -new -newkey rsa:4096 -x509 -sha256 -days 2999 -nodes -out MyCertificate.crt -keyout MyKey.key Generating a RSA private key ......................................................++++ .++++ writing new private key to 'MyKey.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:XY State or Province Name (full name) [Some-State]:Castle Anthrax Locality Name (eg, city) []:Argument Clinic Organization Name (eg, company) [Internet Widgits Pty Ltd]:Python Software Foundation Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:self-signed.pythontest.net Email Address []: ``` ... and copying that certificate and private key file into place for this change.
diff --git a/tls/self-signed-cert.pem b/tls/self-signed-cert.pem
@@ -1,16 +1,34 @@
 -----BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIJAKGU95wKR8pTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
-BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u
-IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv
-bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG
-A1UEBhMCWFkxFzAVBgNVBAcMDkNhc3RsZSBBbnRocmF4MSMwIQYDVQQKDBpQeXRo
-b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0
-aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ
-Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm
-Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv
-EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGjNzA1MCUGA1UdEQQeMByCGnNl
-bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEAIuzAhgMouJpNdf3URCHIineyoSt6WK/9+eyUcjlKOrDoXNZaD72h
-TXMeKYoWvJyVcSLKL8ckPtDobgP2OTt0UkyAaj0n+ZHaqq1lH2yVfGUA1ILJv515
-C8BqbvVZuqm3i7ygmw3bqE/lYMgOrYtXXnqOrz6nvsE6Yc9V9rFflOM=
+MIIF9zCCA9+gAwIBAgIUH98b4Fw/DyugC9cV7VK7ZODzHsIwDQYJKoZIhvcNAQEL
+BQAwgYoxCzAJBgNVBAYTAlhZMRcwFQYDVQQIDA5DYXN0bGUgQW50aHJheDEYMBYG
+A1UEBwwPQXJndW1lbnQgQ2xpbmljMSMwIQYDVQQKDBpQeXRob24gU29mdHdhcmUg
+Rm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0aG9udGVzdC5uZXQw
+HhcNMTkwNTA4MDEwMjQzWhcNMjcwNzI0MDEwMjQzWjCBijELMAkGA1UEBhMCWFkx
+FzAVBgNVBAgMDkNhc3RsZSBBbnRocmF4MRgwFgYDVQQHDA9Bcmd1bWVudCBDbGlu
+aWMxIzAhBgNVBAoMGlB5dGhvbiBTb2Z0d2FyZSBGb3VuZGF0aW9uMSMwIQYDVQQD
+DBpzZWxmLXNpZ25lZC5weXRob250ZXN0Lm5ldDCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMKdJlyCThkahwoBb7pl5q64Pe9Fn5jrIvzsveHTc97TpjV2
+RLfICnXKrltPk/ohkVl6K5SUZQZwMVzFubkyxE0nZPHYHlpiKWQxbsYVkYv01rix
+IFdLvaxxbGYke2jwQao31s4o61AdlsfK1SdpHQUynBBMssqI3SB4XPmcA7e+wEEx
+jxjVish4ixA1vuIZOx8yibu+CFCf/geEjoBMF3QPdzULzlrCSw8k/45iZCSoNbvK
+DoL4TVV07PHOxpheDh8ZQmepGvU6pVqhb9m4lgmV0OGWHgozd5Ur9CbTVDmxIEz3
+TSoRtNJK7qtyZdGNqwjksQxgZTjM/d/Lm/BJG99AiOmYOjsl9gbQMZgvQmMAtUsI
+aMJnQuZ6R+KEpW/TR5qSKLWZSG45z/op+tzI2m+cE6HwTRVAWbcuJxcAA55MZjqU
+OOOu3BBYMjS5nf2sQ9uoXsVBFH7i0mQqoW1SLzr9opI8KsWwFxQmO2vBxWYaN+lH
+OmwBZBwyODIsmI1YGXmTp09NxRYz3Qe5GCgFzYowpMrcxUC24iduIdMwwhRM7rKg
+7GtIWMSrFfuI1XCLRmSlhDbhNN6fVg2f8Bo9PdH9ihiIyxSrc+FOUasUYCCJvlSZ
+8hFUlLvcmrZlWuazohm0lsXuMK1JflmQr/DA/uXxP9xzFfRy+RU3jDyxJbRHAgMB
+AAGjUzBRMB0GA1UdDgQWBBSQJyxiPMRK01i+0BsV9zUwDiBaHzAfBgNVHSMEGDAW
+gBSQJyxiPMRK01i+0BsV9zUwDiBaHzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4ICAQCR+7a7N/m+WLkxPPIA/CB4MOr2Uf8ixTv435Nyv6rXOun0+lTP
+ExSZ0uYQ+L0WylItI3cQHULldDueD+s8TGzxf5woaLKf6tqyr0NYhKs+UeNEzDnN
+9PHQIhX0SZw3XyXGUgPNBfRCg2ZDdtMMdOU4XlQN/IN/9hbYTrueyY7eXq9hmtI9
+1srftAMqr9SR1JP7aHI6DVgrEsZVMTDnfT8WmLSGLlY1HmGfdEn1Ip5sbo9uSkiH
+AEPgPfjYIvR5LqTOMn4KsrlZyBbFIDh9Sl99M1kZzgH6zUGVLCDg1y6Cms69fx/e
+W1HoIeVkY4b4TY7Bk7JsqyNhIuqu7ARaxkdaZWhYaA2YyknwANdFfNpfH+elCLIk
+BUt5S3f4i7DaUePTvKukCZiCq4Oyln7RcOn5If73wCeLB/ZM9Ei1HforyLWP1CN8
+XLfpHaoeoPSWIveI0XHUl65LsPN2UbMbul/F23hwl+h8+BLmyAS680Yhn4zEN6Ku
+B7Po90HoFa1Du3bmx4jsN73UkT/dwMTi6K072FbipnC1904oGlWmLwvAHvrtxxmL
+Pl3pvEaZIu8wa/PNF6Y7J7VIewikIJq6Ta6FrWeFfzMWOj2qA1ZZi6fUaDSNYvuV
+J5quYKCc/O+I/yDDf8wyBbZ/gvUXzUHTMYGG+bFrn1p7XDbYYeEJ6R/xEg==
 -----END CERTIFICATE-----
diff --git a/tls/self-signed-key.pem b/tls/self-signed-key.pem
@@ -1,16 +1,52 @@
 -----BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANDXQXW9tjyZXt0I
-v2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vmSv/y
-IvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALvEHY5
-7lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAECgYEArO8iwJn5FxM1r7j3saRPtVWa
-bZwgz+xFVs1RlG9Qy9w/QB6V93ZnPkCB4iBA/5FStcCzKNab4i9wOaNLfQIoysDZ
-jOonRG6pbdFSIBnH4lw1UGi8SS34gFhvWuDW6QHya1enMu2eyOz0W756FUIy9uLx
-V1//jNjeT7UcsFowgkkCQQD4ZlMnCWwygGKO3KXlHp0X44UL3HjIObBhaoBECkci
-kxsbk8Iwarcq5BBKgwKtTaGvcnzlM9N5xTZ7v30nukANAkEA1zsSmB0P9k5pZsAs
-xqRQggVdnjZ55zI6q6KrP69f9LJy8bEQ2Xz1MluAUwKsG26gsThzMPBdn2rWmjYf
-9NirfwJAXhWr0zJfd/Vm30O11kW1LNIxl5+HZBdttkg3kw3tiav8bYKW3+3buPQv
-M3nR7sBjyGdt5QavSAUpsM+D4SNLlQJAJ4flCWVFGkMantGrJ6zkUI01vapZx3n1
-RrLw6xiF8kaYUAXqh1epHV+q+RQjkkJGZ2Zr2dA8Edyon9hTFEB7dwJBAPRRChg8
-9fcihtNMiRwzGGr7rHtS1TpoA5hbIjPCbY8rHMkLdMnoxBa11E9PmXqyyyctrN+z
-o54iWWshXKtbx24=
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDCnSZcgk4ZGocK
+AW+6ZeauuD3vRZ+Y6yL87L3h03Pe06Y1dkS3yAp1yq5bT5P6IZFZeiuUlGUGcDFc
+xbm5MsRNJ2Tx2B5aYilkMW7GFZGL9Na4sSBXS72scWxmJHto8EGqN9bOKOtQHZbH
+ytUnaR0FMpwQTLLKiN0geFz5nAO3vsBBMY8Y1YrIeIsQNb7iGTsfMom7vghQn/4H
+hI6ATBd0D3c1C85awksPJP+OYmQkqDW7yg6C+E1VdOzxzsaYXg4fGUJnqRr1OqVa
+oW/ZuJYJldDhlh4KM3eVK/Qm01Q5sSBM900qEbTSSu6rcmXRjasI5LEMYGU4zP3f
+y5vwSRvfQIjpmDo7JfYG0DGYL0JjALVLCGjCZ0LmekfihKVv00eakii1mUhuOc/6
+KfrcyNpvnBOh8E0VQFm3LicXAAOeTGY6lDjjrtwQWDI0uZ39rEPbqF7FQRR+4tJk
+KqFtUi86/aKSPCrFsBcUJjtrwcVmGjfpRzpsAWQcMjgyLJiNWBl5k6dPTcUWM90H
+uRgoBc2KMKTK3MVAtuInbiHTMMIUTO6yoOxrSFjEqxX7iNVwi0ZkpYQ24TTen1YN
+n/AaPT3R/YoYiMsUq3PhTlGrFGAgib5UmfIRVJS73Jq2ZVrms6IZtJbF7jCtSX5Z
+kK/wwP7l8T/ccxX0cvkVN4w8sSW0RwIDAQABAoICAAmYM871waHtM+EjZv26jl/o
+x2znctHYLdZoWYgro5fFuXkDRqoE27co8eWgi7wWMZNGuaVOl5h0qYpYWSqvPQxM
+t+ZQcFamZkIBSePMJmvO+1MJsH19R3Gb+esjO05WIfahYB6z174QZ2GcN1wFC6A4
++Ya4MUxY6QXzySmpLmm9pr7QEaz4winV/40iCTIealLEbBPsb36CFMUMHPZoSfO3
+23mrBlZlI8wwV8UORr+j51pFwOdmFHH1HMVjG1lhsbKIzURNCv4yEPrh4KDMP+Fj
+GHQ2sW5xUSDylMvhOVLKz7vbqVs8mjyP4ypirnBhWqBKngvtKLBfMtj4scxr3krS
+TUARZ03HqyQD8bcTOfwd6YTLiGV3Yn5FkYGIrhInCcDrudop1nApBUIQGK6BY+Op
+MNnuE+oqHpjw6I0CSVFlPxQkVOYsecmbdsKx5HebWBlU03b7jJgJjItqMpmfvsQZ
+IriLtZe6gBz+6COqWpCu6Dt6NmCYXAavCmmVwxU1y1GDqiLAvPK8l/lytpUZbk5d
+NnxARgpn5X3rdys55YysQJ0OPJ2cBPNShD45W2KcaeN0jX7BmX47PQ8MBRdG7Enj
+DEJOxJ71Z3p0fRNH3cqrj7vev20cseNcjafHiBz2ISXjxMN6eifXRheTwS0lFcKA
+/4WaPnqf6k5XJ0ujA/ipAoIBAQDzbmhEtWkHCB54DK0kqFcB+JTbgOaK/ahOlh/d
+sgJfc1YEJAM9Lt2K/O0vZhniK7ejs6VF0w5P8deZCTVtOR02hLh0LoaTxxza3hbK
+Kk1mHwLdzemJ50SaaOBS2Fxt0WAHlD4baO61s8YK8uDOkH39vwdbLjsrb9mROWlX
+q1gyRx1Un0F/lNZlou2F4x5jJjla/zv249XOCZ6kKcCW5Iub/k2L5Hftmi8fGiP1
+DOtT0+U1ez3+50hFIrbvOCbxuNedBXxdpCZozb2yEzN99qp9AQy5PrIpGVWHKIcM
+TRcbctMjHF+ADbD+sQMUplHWxw5ZnqF4RTAN9iriyTf5rWGtAoIBAQDMqX2M7tG6
+Ep4EfwD+UONbY4TjhXPEL+CXoGZ9duMu54ZHmUQsCY91RL4dTh4XiaJBEdquSskO
+S5UkpZzkS5ldeC14759QfNF6mwRzM93tRLlXiVip+njxw9fFPmxgz1Qdhy7vEUZz
+Y2ycBn8vPx/uwwN7O221BgFBwA/jsK0diie3acsuUjPMbXEQQ2TAabBtTzzAxtIn
+htw5XOF4w5Ru6m2SZx72Ey1l/JNjzKSby5DBLEkPSY9SaatiMDOhcRsSx4iES1Hu
+yVRXRQ/MNH3JXBuMc/81s/ecb9xgblsuy/7y4dus1qjTkAYTZBy3HuqglL5JVBDS
+mGgdpRXOZjRDAoIBAFU+5piZBoyF1VWo6sEZik6QZGBxxUoLBfNvMv2JprcSRp7w
+lYnJbZ+MburYUFwZfxd+g3PuMubgA+X9iY4UIBzFYWqeGFaLtZkXiNeG9M+8MF7I
+Cu5V5HpGG7gnOEbkuUIuMYmbt2w95i5TW1I620QOr17I08OkSYZHmpIu2JXSvXyy
+wFcTIfk5kv/9xthlvFQXaUJOCsM6LynBzUWKBzG7XiCNA0pbYgD8QHdB7O7QF0Yh
+QFaRW4eKXpFrEog3eJnuH90S7Lhqw/EmNDP6Oz3HLlN4lx85VfAcyx4NqPfdv/5d
+ozvOj5rBFhkXHTWfQ3Ey0cyyPd/FwsLkQAvZIYkCggEAGKOnG9p8oVwwbfYkVnnC
+hXQbwZCFeW8SKO8Ep8IyY6k3/1KyZGLaRJH8GWcYNFk7kX3mx+j0/6WV1Q2jL9Dy
+K9CWGOMwWO5OAea7yGrMIw6NCb7dT8l52hFr3rE/NwB+7fcibWG1C5tCrh4SHcwJ
+uiL8Pk/PS2XnrNTElPLmRJInaetwrKj0132tiPm0HX4b4W0SsVq+XkfcJ4PJGVLi
+gd/zRRbpIVL5ujeIPxGaF6+QQ9FjElYWzSMvoOiQrrUBP2eKRfMTcB4I62DDICCJ
+rD5MisJETWDXRJwq+ekPTTj9/pu2aL6HIMFMGfWJh3pPYPnHVuiqBdCXaEpBr9Ga
+JQKCAQBxiBQWSnqEQAEXqNnPeseSpikMgqo4GToV7lQFOKJKXK4pqMxtQfntr0q5
+SNWCEIpebI3qDRC2oGUHD9+8D3D7JXpR9W+DqX1rqdHaOnRlxN+cgsbzy9oBNuDh
+hpGblpNRjvmrKtItTwmXseVxVLj1jiV5Nv4j7e6hWF/wa4ZqoDolEapHau9u4PtY
+NT7cCrq90iDdSpQZEXFB6l/fBj4G492+iT+l5mqO2KyatR2RhJSGnijLGr1DVsOp
+9ghrHXOKe84DGCcAyUqLYLLR7neRq+tbhzxQlH1HvMTvPjfewY6jw8EOSgu+2U8Z
+0rlopVCaxHzbkZo0241xOp8e+6Kb
 -----END PRIVATE KEY-----
