
Fix key generation #78

Status: Open (wants to merge 2 commits into base: master)

sschwarzer commented Jul 10, 2021

So far, this PR has these changes:

  • Use a longer password to prevent an error during key generation
  • Use a larger key size to stop stacktraces when starting the server

Please refer to the commit messages for details.

Use longer password, "dummy", instead of "a", for key generation with
`make keys`.

When running `make keys`, I see error messages of the form

  routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:905:You
  must type in 4 to 1023 characters

and `private-key.pem` is generated with a length of 0 bytes.

According to https://bugzilla.redhat.com/show_bug.cgi?id=1467669 ,
this is because the used passwords are too short.

With the default key size of 1024, when I start the server with
`make compile run`, I see several stacktraces with the message

  #<thread:'package-change-handler>
  *** DAEMON CRASHED: main-web-server-thread ***
  ssl-load-certificate-chain!: load failed from: #<path:/home/schwa/sd/racket/racket-pkg-website/src/../server-cert.pem> (error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
    context...:

jfromaniello/selfsigned#33 suggests increasing
the key size to at least 2048 bits. Increasing the key size in the
Makefile makes the above stacktraces go away.

I set the key size in the Makefile to 4096 to make it more
"future-proof", but feel free to use a key size of 2048, which works for
me as well.
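
A post-generation check for the two failures described in the commit messages above, as an added example that is not part of this PR or the project's Makefile. `cert_bits`, `check_keypair` and `make_pair` are hypothetical names, and the `openssl` invocations in `make_pair` are assumed, since the Makefile's own commands are not shown here.

```shell
#!/bin/sh
# Added example, not the project's code. Checks for the two failures reported
# above: a 0-byte private-key.pem and a certificate key smaller than 2048 bits.
MIN_BITS=2048   # minimum key size suggested in the discussion

# Print the public key size in bits recorded in certificate $1.
cert_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_keypair KEY CERT PASSPHRASE
# Returns 0 if usable, 1 key missing or empty, 2 key unreadable,
# 3 key too small, 4 certificate does not belong to the key.
check_keypair() {
    key=$1 cert=$2 pass=$3
    [ -s "$key" ] || { echo "FAIL: $key is missing or 0 bytes" >&2; return 1; }
    openssl pkey -in "$key" -passin "pass:$pass" -noout 2>/dev/null ||
        { echo "FAIL: cannot read $key with this passphrase" >&2; return 2; }
    bits=$(cert_bits "$cert")
    [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ] ||
        { echo "FAIL: key is ${bits:-?} bits, need >= $MIN_BITS" >&2; return 3; }
    # Compare the public key derived from the private key with the one in the cert.
    kpub=$(openssl pkey -in "$key" -passin "pass:$pass" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    [ "$kpub" = "$cpub" ] || { echo "FAIL: certificate does not match key" >&2; return 4; }
    echo "OK: $bits-bit key, certificate matches"
}

# Hypothetical helper for trying the check; these commands are assumptions,
# not the Makefile's. "pass:" puts the passphrase on the command line, which
# is only acceptable for a throwaway value such as "dummy".
make_pair() {   # make_pair DIR BITS PASSPHRASE
    openssl genrsa -aes256 -passout "pass:$3" -out "$1/private-key.pem" "$2" 2>/dev/null &&
    openssl req -new -x509 -key "$1/private-key.pem" -passin "pass:$3" \
        -subj "/CN=localhost" -days 1 -out "$1/server-cert.pem" 2>/dev/null
}

# Usage: sh check.sh private-key.pem server-cert.pem PASSPHRASE
if [ "$#" -eq 3 ]; then check_keypair "$@"; fi
```

Running the check right after key generation turns both problems into an immediate, readable failure instead of a stack trace when the server starts.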

sschwarzer changed the title from "Use longer password for key generation" to "Fix key generation" Jul 10, 2021

LiberalArtist added a commit to LiberalArtist/racket-pkg-website that referenced this pull request Jun 23, 2023

OpenSSL on my system refused to use certificates generated with the
old parameters.

Related to racket#78

jryans pushed a commit that referenced this pull request Jun 27, 2023

OpenSSL on my system refused to use certificates generated with the
old parameters.

Related to #78