bpo-34542: Update test certs and keys (GH-8997) (GH-9007)
Update all test certs and keys to use future proof crypto settings:
* 3072 bit RSA keys
* SHA-256 signature
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit e6dac0077996b1e1f886f036d6f2606237fa4c85)
diff --git a/Lib/test/pycacert.pem b/Lib/test/pycacert.pem
index 850fa32..73150c9 100644
--- a/Lib/test/pycacert.pem
+++ b/Lib/test/pycacert.pem
@@ -2,78 +2,98 @@
Data:
Version: 3 (0x2)
Serial Number:
- 82:ed:bf:41:c8:80:91:9b
- Signature Algorithm: sha1WithRSAEncryption
+ cb:2d:80:99:5a:69:52:5b
+ Signature Algorithm: sha256WithRSAEncryption
Issuer: C=XY, O=Python Software Foundation CA, CN=our-ca-server
Validity
- Not Before: Jan 19 19:09:06 2018 GMT
- Not After : Jan 17 19:09:06 2028 GMT
+ Not Before: Aug 29 14:23:16 2018 GMT
+ Not After : Aug 26 14:23:16 2028 GMT
Subject: C=XY, O=Python Software Foundation CA, CN=our-ca-server
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
+ Public-Key: (3072 bit)
Modulus:
- 00:c3:18:69:6b:c9:47:29:98:8e:b1:56:c2:2e:fa:
- 0e:5e:bc:23:80:b3:07:62:24:d2:42:5b:f1:4a:bf:
- a9:c8:21:75:c8:e3:e6:2c:1f:87:3c:6e:7c:1b:ed:
- 39:32:95:b7:40:b2:60:48:c3:9a:16:08:fe:6d:67:
- 88:34:3b:77:77:70:1c:70:5a:d1:1f:5f:04:21:54:
- b9:0c:e3:41:85:1d:58:ee:2f:ed:f3:0e:ef:d8:23:
- a1:fa:73:fb:4c:28:e0:e5:e6:4d:0b:02:52:49:86:
- c7:be:7e:bd:e6:56:76:8b:70:8e:0a:8f:06:33:20:
- 1d:7b:5b:aa:d0:c5:1b:ab:9b:cc:54:09:3c:bf:e4:
- 40:66:f1:fb:d6:f7:16:9d:c4:19:d4:c3:f2:ff:07:
- bc:6f:5a:9e:25:1b:02:4a:a5:ec:42:96:3a:70:d2:
- 6c:99:2b:ce:be:e8:d2:01:ef:d5:ba:b0:cf:94:3e:
- 82:d0:01:d6:4b:71:80:03:0a:12:45:86:79:81:d8:
- 4b:d2:e8:b5:b7:2c:6c:9a:4c:8a:10:10:e4:e4:f5:
- df:ce:84:91:ca:d1:46:e0:84:73:17:66:db:69:43:
- 78:80:83:be:14:4d:f1:3e:1a:d6:6c:f5:de:45:f3:
- 39:af:91:d5:3d:54:44:bf:41:cc:73:68:1a:fc:24:
- db:91
+ 00:97:ed:55:41:ba:36:17:95:db:71:1c:d3:e1:61:
+ ac:58:73:e3:c6:96:cf:2b:1f:b8:08:f5:9d:4b:4b:
+ c7:30:f6:b8:0b:b3:52:72:a0:bb:c9:4d:3b:8e:df:
+ 22:8e:01:57:81:c9:92:73:cc:00:c6:ec:70:b0:3a:
+ 17:40:c1:df:f2:8c:36:4c:c4:a7:81:e7:b6:24:68:
+ e2:a0:7e:35:07:2f:a0:5b:f9:45:46:f7:1e:f0:46:
+ 11:fe:ca:1a:3c:50:f1:26:a9:5f:9c:22:9c:f8:41:
+ e1:df:4f:12:95:19:2f:5c:90:01:17:6e:7e:3e:7d:
+ cf:e9:09:af:25:f8:f8:42:77:2d:6d:5f:36:f2:78:
+ 1e:7d:4a:87:68:63:6c:06:71:1b:8d:fa:25:fe:d4:
+ d3:f5:a5:17:b1:ef:ea:17:cb:54:c8:27:99:80:cb:
+ 3c:45:f1:2c:52:1c:dd:1f:51:45:20:50:1e:5e:ab:
+ 57:73:1b:41:78:96:de:84:a4:7a:dd:8f:30:85:36:
+ 58:79:76:a0:d2:61:c8:1b:a9:94:99:63:c6:ee:f8:
+ 14:bf:b4:52:56:31:97:fa:eb:ac:53:9e:95:ce:4c:
+ c4:5a:4a:b7:ca:03:27:5b:35:57:ce:02:dc:ec:ca:
+ 69:f8:8a:5a:39:cb:16:20:15:03:24:61:6c:f4:7a:
+ fc:b6:48:e5:59:10:5c:49:d0:23:9f:fb:71:5e:3a:
+ e9:68:9f:34:72:80:27:b6:3f:4c:b1:d9:db:63:7f:
+ 67:68:4a:6e:11:f8:e8:c0:f4:5a:16:39:53:0b:68:
+ de:77:fa:45:e7:f8:91:cd:78:cd:28:94:97:71:54:
+ fb:cf:f0:37:de:c9:26:c5:dc:1b:9e:89:6d:09:ac:
+ c8:44:71:cb:6d:f1:97:31:d5:4c:20:33:bf:75:4a:
+ a0:e0:dc:69:11:ed:2a:b4:64:10:11:30:8b:0e:b0:
+ a7:10:d8:8a:c5:aa:1b:c8:26:8a:25:e7:66:9f:a5:
+ 6a:1a:2f:7c:5f:83:c6:78:4f:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 9A:CF:CF:6E:EB:71:3D:DB:3C:F1:AE:88:6B:56:72:03:CB:08:A7:48
+ DD:BF:CA:DA:E6:D1:34:BA:37:75:21:CA:6F:9A:08:28:F2:35:B6:48
X509v3 Authority Key Identifier:
- keyid:9A:CF:CF:6E:EB:71:3D:DB:3C:F1:AE:88:6B:56:72:03:CB:08:A7:48
+ keyid:DD:BF:CA:DA:E6:D1:34:BA:37:75:21:CA:6F:9A:08:28:F2:35:B6:48
X509v3 Basic Constraints:
CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 10:25:c8:dc:0c:55:5c:cb:83:6e:79:ef:77:ec:0d:8e:0c:06:
- c1:4b:0c:d6:f7:75:52:21:b8:17:4a:38:88:9d:b3:78:c4:42:
- fb:b8:7c:14:38:10:fb:ac:da:11:00:5b:42:87:5e:45:9f:6d:
- 4e:42:a4:9a:18:06:39:0f:45:a6:96:89:32:d6:59:b3:d3:8e:
- e3:95:b6:c4:a2:4b:74:2f:67:c1:fb:bb:f9:72:6f:37:4a:e7:
- f4:48:33:71:df:b8:f5:e6:41:3f:d5:d5:2f:26:09:f8:0e:92:
- ff:70:ea:f6:ab:58:fb:90:04:d6:43:2e:8f:b1:fb:06:ab:69:
- d0:dc:a8:f8:5b:07:f2:d4:66:1f:63:f8:5d:c1:9e:41:44:bb:
- c9:e8:7d:e0:46:e4:a7:c8:32:5f:31:62:e5:1c:5c:89:dd:b7:
- a2:4f:9e:0d:13:b8:5f:b1:84:53:4c:1f:ce:19:e1:01:00:5e:
- bf:41:55:94:a9:a5:13:db:f2:59:f3:d6:4e:b9:9d:9d:b9:0a:
- d9:b2:18:6d:7c:b1:f7:96:aa:bd:f6:f9:95:0f:4a:6e:3c:7c:
- 46:5b:df:d4:78:ec:9a:dc:e2:e3:01:e6:88:77:39:93:9c:ba:
- 2a:63:f9:25:4b:4f:ac:08:79:39:c6:7b:df:07:35:ba:c0:c2:
- 50:bf:5a:81
+ Signature Algorithm: sha256WithRSAEncryption
+ 33:6a:54:d3:6b:c0:d7:01:5f:9d:f4:05:c1:93:66:90:50:d0:
+ b7:18:e9:b0:1e:4a:a0:b6:da:76:93:af:84:db:ad:15:54:31:
+ 15:13:e4:de:7e:4e:0c:d5:09:1c:34:35:b6:e5:4c:d6:6f:65:
+ 7d:32:5f:eb:fc:a9:6b:07:f7:49:82:e5:81:7e:07:80:9a:63:
+ f8:2c:c3:40:bc:8f:d4:2a:da:3e:d1:ee:08:b7:4d:a7:84:ca:
+ f4:3f:a1:98:45:be:b1:05:69:e7:df:d7:99:ab:1b:ee:8b:30:
+ cc:f7:fc:e7:d4:0b:17:ae:97:bf:e4:7b:fd:0f:a7:b4:85:79:
+ e3:59:e2:16:87:bf:1f:29:45:2c:23:93:76:be:c0:87:1d:de:
+ ec:2b:42:6a:e5:bb:c8:f4:0a:4a:08:0a:8c:5c:d8:7d:4d:d1:
+ b8:bf:d5:f7:29:ed:92:d1:94:04:e8:35:06:57:7f:2c:23:97:
+ 87:a5:35:8d:26:d3:1a:47:f2:16:d7:d9:c6:d4:1f:23:43:d3:
+ 26:99:39:ca:20:f4:71:23:6f:0c:4a:76:76:f7:76:1f:b3:fe:
+ bf:47:b0:fc:2a:56:81:e1:d2:dd:ee:08:d8:f4:ff:5a:dc:25:
+ 61:8a:91:02:b9:86:1c:f2:50:73:76:25:35:fc:b6:25:26:15:
+ cb:eb:c4:2b:61:0c:1c:e7:ee:2f:17:9b:ec:f0:d4:a1:84:e7:
+ d2:af:de:e4:1b:24:14:a7:01:87:e3:ab:29:58:46:a0:d9:c0:
+ 0a:e0:8d:d7:59:d3:1b:f8:54:20:3e:78:a5:a5:c8:4f:8b:03:
+ c4:96:9f:ec:fb:47:cf:76:2d:8d:65:34:27:bf:fa:ae:01:05:
+ 8a:f3:92:0a:dd:89:6c:97:a1:c7:e7:60:51:e7:ac:eb:4b:7d:
+ 2c:b8:65:c9:fe:5d:6a:48:55:8e:e4:c7:f9:6a:40:e1:b8:64:
+ 45:e9:b5:59:29:a5:5f:cf:7d:58:7d:64:79:e5:a4:09:ac:1e:
+ 76:65:3d:94:c4:68
-----BEGIN CERTIFICATE-----
-MIIDbTCCAlWgAwIBAgIJAILtv0HIgJGbMA0GCSqGSIb3DQEBBQUAME0xCzAJBgNV
+MIIEbTCCAtWgAwIBAgIJAMstgJlaaVJbMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV
BAYTAlhZMSYwJAYDVQQKDB1QeXRob24gU29mdHdhcmUgRm91bmRhdGlvbiBDQTEW
-MBQGA1UEAwwNb3VyLWNhLXNlcnZlcjAeFw0xODAxMTkxOTA5MDZaFw0yODAxMTcx
-OTA5MDZaME0xCzAJBgNVBAYTAlhZMSYwJAYDVQQKDB1QeXRob24gU29mdHdhcmUg
-Rm91bmRhdGlvbiBDQTEWMBQGA1UEAwwNb3VyLWNhLXNlcnZlcjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMMYaWvJRymYjrFWwi76Dl68I4CzB2Ik0kJb
-8Uq/qcghdcjj5iwfhzxufBvtOTKVt0CyYEjDmhYI/m1niDQ7d3dwHHBa0R9fBCFU
-uQzjQYUdWO4v7fMO79gjofpz+0wo4OXmTQsCUkmGx75+veZWdotwjgqPBjMgHXtb
-qtDFG6ubzFQJPL/kQGbx+9b3Fp3EGdTD8v8HvG9aniUbAkql7EKWOnDSbJkrzr7o
-0gHv1bqwz5Q+gtAB1ktxgAMKEkWGeYHYS9LotbcsbJpMihAQ5OT1386EkcrRRuCE
-cxdm22lDeICDvhRN8T4a1mz13kXzOa+R1T1URL9BzHNoGvwk25ECAwEAAaNQME4w
-HQYDVR0OBBYEFJrPz27rcT3bPPGuiGtWcgPLCKdIMB8GA1UdIwQYMBaAFJrPz27r
-cT3bPPGuiGtWcgPLCKdIMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
-ABAlyNwMVVzLg25573fsDY4MBsFLDNb3dVIhuBdKOIids3jEQvu4fBQ4EPus2hEA
-W0KHXkWfbU5CpJoYBjkPRaaWiTLWWbPTjuOVtsSiS3QvZ8H7u/lybzdK5/RIM3Hf
-uPXmQT/V1S8mCfgOkv9w6varWPuQBNZDLo+x+waradDcqPhbB/LUZh9j+F3BnkFE
-u8nofeBG5KfIMl8xYuUcXIndt6JPng0TuF+xhFNMH84Z4QEAXr9BVZSppRPb8lnz
-1k65nZ25CtmyGG18sfeWqr32+ZUPSm48fEZb39R47Jrc4uMB5oh3OZOcuipj+SVL
-T6wIeTnGe98HNbrAwlC/WoE=
+MBQGA1UEAwwNb3VyLWNhLXNlcnZlcjAeFw0xODA4MjkxNDIzMTZaFw0yODA4MjYx
+NDIzMTZaME0xCzAJBgNVBAYTAlhZMSYwJAYDVQQKDB1QeXRob24gU29mdHdhcmUg
+Rm91bmRhdGlvbiBDQTEWMBQGA1UEAwwNb3VyLWNhLXNlcnZlcjCCAaIwDQYJKoZI
+hvcNAQEBBQADggGPADCCAYoCggGBAJftVUG6NheV23Ec0+FhrFhz48aWzysfuAj1
+nUtLxzD2uAuzUnKgu8lNO47fIo4BV4HJknPMAMbscLA6F0DB3/KMNkzEp4HntiRo
+4qB+NQcvoFv5RUb3HvBGEf7KGjxQ8SapX5winPhB4d9PEpUZL1yQARdufj59z+kJ
+ryX4+EJ3LW1fNvJ4Hn1Kh2hjbAZxG436Jf7U0/WlF7Hv6hfLVMgnmYDLPEXxLFIc
+3R9RRSBQHl6rV3MbQXiW3oSket2PMIU2WHl2oNJhyBuplJljxu74FL+0UlYxl/rr
+rFOelc5MxFpKt8oDJ1s1V84C3OzKafiKWjnLFiAVAyRhbPR6/LZI5VkQXEnQI5/7
+cV466WifNHKAJ7Y/TLHZ22N/Z2hKbhH46MD0WhY5Uwto3nf6Ref4kc14zSiUl3FU
++8/wN97JJsXcG56JbQmsyERxy23xlzHVTCAzv3VKoODcaRHtKrRkEBEwiw6wpxDY
+isWqG8gmiiXnZp+lahovfF+DxnhPHwIDAQABo1AwTjAdBgNVHQ4EFgQU3b/K2ubR
+NLo3dSHKb5oIKPI1tkgwHwYDVR0jBBgwFoAU3b/K2ubRNLo3dSHKb5oIKPI1tkgw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAM2pU02vA1wFfnfQFwZNm
+kFDQtxjpsB5KoLbadpOvhNutFVQxFRPk3n5ODNUJHDQ1tuVM1m9lfTJf6/ypawf3
+SYLlgX4HgJpj+CzDQLyP1CraPtHuCLdNp4TK9D+hmEW+sQVp59/Xmasb7oswzPf8
+59QLF66Xv+R7/Q+ntIV541niFoe/HylFLCOTdr7Ahx3e7CtCauW7yPQKSggKjFzY
+fU3RuL/V9yntktGUBOg1Bld/LCOXh6U1jSbTGkfyFtfZxtQfI0PTJpk5yiD0cSNv
+DEp2dvd2H7P+v0ew/CpWgeHS3e4I2PT/WtwlYYqRArmGHPJQc3YlNfy2JSYVy+vE
+K2EMHOfuLxeb7PDUoYTn0q/e5BskFKcBh+OrKVhGoNnACuCN11nTG/hUID54paXI
+T4sDxJaf7PtHz3YtjWU0J7/6rgEFivOSCt2JbJehx+dgUees60t9LLhlyf5dakhV
+juTH+WpA4bhkRem1WSmlX899WH1keeWkCawedmU9lMRo
-----END CERTIFICATE-----