author | Daniel Almasi <almd@pm.me> | 2021-01-12 00:40:12 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-12 00:40:12 +0300 |
commit | 42f20455cdde94d49892aec15f78ddbb9867e2a8 (patch) | |
tree | 8401119d3c8e140139952b9b3743e2ee2ed51a1f /certbot-ci | |
parent | 434ca1985f26b08de18728e70e86813f357f6b65 (diff) |
Fix EC curve name typo in crypto_util (#8598)
* Fix EC curve name typo in crypto_util
Fix typo of secp521r1 in crypto util module.
- secp521r1 is to be supported by certbot, but a typo of "SECP521R1" in the input validation section of the make_key function results in an error being thrown
* Add myself to authors.md
Add myself to authors.md ^^
* Add test for secp521r1 key generation
Add test for secp521r1 key generation to cli-tests
Diffstat (limited to 'certbot-ci')
-rw-r--r-- | certbot-ci/certbot_integration_tests/certbot_tests/test_main.py | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/certbot-ci/certbot_integration_tests/certbot_tests/test_main.py b/certbot-ci/certbot_integration_tests/certbot_tests/test_main.py index 546f96305..28a728370 100644 --- a/certbot-ci/certbot_integration_tests/certbot_tests/test_main.py +++ b/certbot-ci/certbot_integration_tests/certbot_tests/test_main.py @@ -9,7 +9,7 @@ import shutil import subprocess import time -from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1, SECP384R1 +from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1, SECP384R1, SECP521R1 from cryptography.x509 import NameOID import pytest @@ -498,6 +498,13 @@ def test_renew_with_ec_keys(context): assert_elliptic_key(key2, SECP384R1) assert 280 < os.stat(key2).st_size < 320 # ec keys of 384 bits are ~310 bytes + context.certbot(['renew', '--elliptic-curve', 'secp521r1']) + + assert_cert_count_for_lineage(context.config_dir, certname, 3) + key3 = join(context.config_dir, 'archive', certname, 'privkey3.pem') + assert_elliptic_key(key3, SECP521R1) + assert 340 < os.stat(key3).st_size < 390 # ec keys of 521 bits are ~365 bytes + # We expect here that the command will fail because without --key-type specified, # Certbot must error out to prevent changing an existing certificate key type, # without explicit user consent (by specifying both --cert-name and --key-type). @@ -511,9 +518,9 @@ def test_renew_with_ec_keys(context): # We expect that the previous behavior of requiring both --cert-name and # --key-type to be set to not apply to the renew subcommand. context.certbot(['renew', '--force-renewal', '--key-type', 'rsa']) - assert_cert_count_for_lineage(context.config_dir, certname, 3) - key3 = join(context.config_dir, 'archive', certname, 'privkey3.pem') - assert_rsa_key(key3) + assert_cert_count_for_lineage(context.config_dir, certname, 4) + key4 = join(context.config_dir, 'archive', certname, 'privkey4.pem') + assert_rsa_key(key4) def test_ocsp_must_staple(context): |
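Review bot: The expected lineage count and archive index are hard-coded at every step of test_renew_with_ec_keys, so inserting the secp521r1 renewal in the second hunk forced the RSA step in the third hunk to be renumbered by hand (count 3 to 4, `privkey3.pem` to `privkey4.pem`). If one of those literals were missed, a later assertion could end up inspecting the key from an earlier renewal instead of the one just issued. Keeping a running counter and building the path from it, for example `key = join(context.config_dir, 'archive', certname, 'privkey{0}.pem'.format(count))`, would avoid that. Separately, the `340 < os.stat(key3).st_size < 390` window presumably depends on the PEM encoding certbot writes and is weaker than `assert_elliptic_key(key3, SECP521R1)`, so I would add a comment such as `# sanity bound only; the curve itself is checked by assert_elliptic_key`. The opening lines of the function are outside these hunks.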