|Subject:||Use 2048-bit RSA keys in tests|
OpenSSL allows to restrict keys, hashes and algorithms to meet certain security level (see @SECLEVEL in <. Some users and software distributions are experimenting with @SECLEVEL=2 because NIST adn ENISA discourages RSA keys shorted and 2048 bits. Running Net-SSLeay-1.85 tests on such a system results to a failure because the tests uses pregenerated 1024-bit keys. Attached patch updates the keys, certificates and revocation lists to 2048-bit RSA with SHA-256. It does not update all of them. Only the minimal set that experiences difficulties. The patch is a git-formatted patch because it patches binary files (in DER format). Please consider applying it to next Net-SSLeay version.
Message body is not shown because it is too large.