ruby/ruby-2.6.0-use-larger-keys-for-SSL-webrick-tests.patch

From ef6153f727d118d4e7854c0f52d3d8b0e4ed7817 Mon Sep 17 00:00:00 2001
From: normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 3 Dec 2018 04:51:08 +0000
Subject: [PATCH] webrick: fix tests on Debian sid/unstable with OpenSSL 1.1.1a

OpenSSL complains abour our keys being small and weak :<
Make them big and strong with 2048-bit RSA keys and SHA256 digests

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/webrick/ssl.rb             | 4 ++--
 test/webrick/test_httpproxy.rb | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/webrick/ssl.rb b/lib/webrick/ssl.rb
index 8a334eaff1..d125083528 100644
--- a/lib/webrick/ssl.rb
+++ b/lib/webrick/ssl.rb
@@ -130,7 +130,7 @@ def create_self_signed_cert(bits, cn, comment)
       aki = ef.create_extension("authorityKeyIdentifier",
                                 "keyid:always,issuer:always")
       cert.add_extension(aki)
-      cert.sign(rsa, OpenSSL::Digest::SHA1.new)
+      cert.sign(rsa, OpenSSL::Digest::SHA256.new)
 
       return [ cert, rsa ]
     end
@@ -181,7 +181,7 @@ def setup_ssl_context(config) # :nodoc:
       unless config[:SSLCertificate]
         cn = config[:SSLCertName]
         comment = config[:SSLCertComment]
-        cert, key = Utils::create_self_signed_cert(1024, cn, comment)
+        cert, key = Utils::create_self_signed_cert(2048, cn, comment)
         config[:SSLCertificate] = cert
         config[:SSLPrivateKey] = key
       end
diff --git a/test/webrick/test_httpproxy.rb b/test/webrick/test_httpproxy.rb
index 452e7b94b7..780d95937a 100644
--- a/test/webrick/test_httpproxy.rb
+++ b/test/webrick/test_httpproxy.rb
@@ -133,7 +133,7 @@ def make_certificate(key, cn)
     cert.not_after = Time.now + 3600
     ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
     exts.each {|args| cert.add_extension(ef.create_extension(*args)) }
-    cert.sign(key, "sha1")
+    cert.sign(key, "sha256")
     return cert
   end if defined?(OpenSSL::SSL)
 
-- 
2.26.2