fix created new TLS certs with longer key lengths #1148

Merged
merged 1 commit into from
Oct 2, 2020

Contributor

@seriousme seriousme commented Aug 22, 2020

On ChromeOS 84 npm test fails immediately after the linter pretest with:

_tls_common.js:135
      c.context.setCert(cert);
                ^

Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

This PR fixes that by providing a new self-signed TLS cert + private key for testing with the following properties:

  • RSA Public-Key: 2048 bit (was 1024 bit)
  • Signature Algorithm: sha256WithRSAEncryption (was sha1WithRSAEncryption)
  • Validity Not After: Aug 20 18:07:06 2030 (was Jun 10 10:03:03 2024 GMT)

A full openssl text dump of the cert can be found below. The command used to create this is:
openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout tls-key.pem -out tls-cert.pem -subj "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost"

Btw: the certificate signing request (tls-csr.pem) is not required so I removed that.

Kind regards,
Hans

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:ad:f9:24:2c:28:7d:04:57:8a:b9:fd:5a:e5:1c:8c:d8:c6:b7:93
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
        Validity
            Not Before: Aug 22 18:07:06 2020 GMT
            Not After : Aug 20 18:07:06 2030 GMT
        Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
    X509v3 extensions:
            X509v3 Subject Key Identifier: 
                34:8D:21:67:E4:35:BE:D7:AF:EA:38:DD:91:84:CD:38:9F:51:ED:30
            X509v3 Authority Key Identifier: 
                keyid:34:8D:21:67:E4:35:BE:D7:AF:EA:38:DD:91:84:CD:38:9F:51:ED:30

            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
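
A preflight check for the failure described in this PR, as an added example that is not part of the original PR or the MQTT.js code base: it reads the RSA modulus size from a PEM key or certificate and compares it with the minimum for an OpenSSL security level. The function names, the default level of 2 and the in-process sample keys are assumptions of this example.

```javascript
// Added example: audit PEM test fixtures for RSA keys the TLS stack will reject.
const crypto = require('crypto');

// Minimum RSA modulus size per OpenSSL security level, as listed in the
// SSL_CTX_set_security_level documentation.
const MIN_RSA_BITS = { 0: 0, 1: 1024, 2: 2048, 3: 3072, 4: 7680, 5: 15360 };

// pem:   private key, public key or X.509 certificate in PEM form.
// level: security level to test against (2 is an assumption of this example).
function auditPem(pem, level = 2) {
  const minBits = MIN_RSA_BITS[level];
  if (minBits === undefined) throw new RangeError(`unknown security level ${level}`);
  // createPublicKey derives the public key from a private key or a certificate.
  const pub = crypto.createPublicKey(pem);
  const result = { type: pub.asymmetricKeyType, bits: null, minBits, ok: null, notAfter: null };
  if (pub.asymmetricKeyType === 'rsa') {
    result.bits = pub.asymmetricKeyDetails.modulusLength;
    result.ok = result.bits >= minBits;
  }
  // Certificates also carry an expiry date worth tracking for long-lived fixtures.
  if (pem.includes('BEGIN CERTIFICATE')) {
    result.notAfter = new Date(new crypto.X509Certificate(pem).validTo);
  }
  return result;
}

// Constructed sample input: throwaway keys generated in-process, standing in
// for an old 1024-bit fixture and its 2048-bit replacement.
function sampleKeyPem(bits) {
  const { privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: bits });
  return privateKey.export({ type: 'pkcs8', format: 'pem' });
}

function demo() {
  return [1024, 2048].map((bits) => auditPem(sampleKeyPem(bits)));
}

for (const r of demo()) {
  const verdict = r.ok ? 'ok' : `below the ${r.minBits}-bit minimum`;
  console.log(`${r.type} ${r.bits} bit: ${verdict}`);
}
```

Pointing `auditPem` at the contents of a fixture such as `tls-key.pem` or `tls-cert.pem` before the test run turns the `ee key too small` crash into an explicit check result.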

@seriousme
Contributor Author

10.x fails on the websocket tests not related to this PR
(see https://github.com/mqttjs/MQTT.js/pull/1148/checks?check_run_id=1016492613#step:6:79481 )

@YoDaMa
Contributor

YoDaMa commented Oct 2, 2020

@seriousme are both commits necessary or can you squash them? Once that's resolved I'll approve and merge.

@seriousme seriousme force-pushed the tls-cert-with-longer-keylength branch from fc36f9e to 00b3183 Compare October 2, 2020 19:36
@seriousme
Contributor Author

I have squashed the commits into one.

Cheers,
Hans

@YoDaMa YoDaMa merged commit 09f412d into mqttjs:master Oct 2, 2020
@seriousme seriousme deleted the tls-cert-with-longer-keylength branch October 3, 2020 07:19