Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use a longer key in mitmproxy-ca.pem. #4727

Merged
merged 1 commit into from Aug 17, 2020
Merged

Conversation

wRAR
Copy link
Contributor

@wRAR wRAR commented Aug 14, 2020

Fixes the second issue in #4726. Looks like the Debian OpenSSL hardening feature (CipherString = DEFAULT@SECLEVEL=2) is still not enabled in OpenSSL by default so the 1024 key in tests/keys/mitmproxy-ca.pem is usually accepted.

As mitmproxy generates its keys on a first start, I just copied the file from ~/.mitmproxy instead of replicating the generation command.

@codecov
Copy link

codecov bot commented Aug 14, 2020

Codecov Report

Merging #4727 into master will increase coverage by 0.06%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #4727      +/-   ##
==========================================
+ Coverage   86.64%   86.70%   +0.06%     
==========================================
  Files         160      160              
  Lines        9703     9703              
  Branches     1424     1424              
==========================================
+ Hits         8407     8413       +6     
+ Misses       1032     1026       -6     
  Partials      264      264              
Impacted Files Coverage Δ
scrapy/core/downloader/__init__.py 89.47% <0.00%> (-1.51%) ⬇️
scrapy/utils/spider.py 77.77% <0.00%> (+11.11%) ⬆️
scrapy/utils/py36.py 100.00% <0.00%> (+80.00%) ⬆️

@kmike
Copy link
Member

kmike commented Aug 17, 2020

@wRAR could you please elaborate on this?

Looks like the Debian OpenSSL hardening feature (CipherString = DEFAULT@SECLEVEL=2) is still not enabled in OpenSSL by default so the 1024 key in tests/keys/mitmproxy-ca.pem is usually accepted.

Do you mean that this PR changes key length to 1024, but we'll need to change it again when CipherString = DEFAULT@SECLEVEL=2 becomes default, or do you mean that current length is 1024, and it usually works because CipherString = DEFAULT@SECLEVEL=2 is not a default?

@wRAR
Copy link
Contributor Author

wRAR commented Aug 17, 2020

This PR changes the key length from current 1024 to 2048, so that it works with both relaxed and strict requirements.

@kmike kmike merged commit 282a6d4 into scrapy:master Aug 17, 2020
2 checks passed
@kmike
Copy link
Member

kmike commented Aug 17, 2020

Thanks @wRAR!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants