tests/multi_net: Generate smaller certs with 2048-bit RSA.

Otherwise running the tests can take a long time when the server is a slow target (RP2040 takes 23 seconds for a handshake when using 4096-bit RSA). Also add instructions on how to generate elliptic curve key/certs. Signed-off-by: Damien George <damien@micropython.org>
micropython · Jan 5, 2024 · 0c81ffd · 0c81ffd
1 parent f0392b8
commit 0c81ffd
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/tests/README.md b/tests/README.md
@@ -181,9 +181,9 @@ SSL/TLS tests in `multi_net` and `net_inet` use a
 self-signed key/cert pair that is randomly generated and to be used for
 testing/demonstration only. You should always generate your own key/cert.
 
-To generate a new self-signed key/cert pair with openssl do:
+To generate a new self-signed RSA key/cert pair with openssl do:
 ```
-$ openssl req -x509 -newkey rsa:4096 -keyout rsa_key.pem -out rsa_cert.pem -days 365 -nodes
+$ openssl req -x509 -newkey rsa:2048 -keyout rsa_key.pem -out rsa_cert.pem -days 365 -nodes -subj '/CN=micropython.local/O=MicroPython/C=AU'
 ```
 In this case CN is: micropython.local
 
@@ -192,3 +192,9 @@ Convert them to DER format:
 $ openssl rsa -in rsa_key.pem -out rsa_key.der -outform DER
 $ openssl x509 -in rsa_cert.pem -out rsa_cert.der -outform DER
 ```
+
+To test elliptic curve key/cert pairs, create a key then a certificate using:
+```
+$ openssl ecparam -name prime256v1 -genkey -noout -out ec_key.der -outform DER
+$ openssl req -new -x509 -key ec_key.der -out ec_cert.der -outform DER -days 365 -nodes -subj '/CN=micropython.local/O=MicroPython/C=AU'
+```
diff --git a/tests/multi_net/rsa_cert.der b/tests/multi_net/rsa_cert.der
diff --git a/tests/multi_net/rsa_key.der b/tests/multi_net/rsa_key.der