tests/multi_net: Generate smaller certs with 2048-bit RSA.

Otherwise running the tests can take a long time when the server is a slow
target (RP2040 takes 23 seconds for a handshake when using 4096-bit RSA).

Also add instructions on how to generate elliptic curve key/certs.

Signed-off-by: Damien George <damien@micropython.org>
This commit is contained in:
Damien George 2024-01-03 16:34:58 +11:00
parent f0392b8d3d
commit 0c81ffd31a
3 changed files with 8 additions and 2 deletions

View File

@ -181,9 +181,9 @@ SSL/TLS tests in `multi_net` and `net_inet` use a
self-signed key/cert pair that is randomly generated and to be used for self-signed key/cert pair that is randomly generated and to be used for
testing/demonstration only. You should always generate your own key/cert. testing/demonstration only. You should always generate your own key/cert.
To generate a new self-signed key/cert pair with openssl do: To generate a new self-signed RSA key/cert pair with openssl do:
``` ```
$ openssl req -x509 -newkey rsa:4096 -keyout rsa_key.pem -out rsa_cert.pem -days 365 -nodes $ openssl req -x509 -newkey rsa:2048 -keyout rsa_key.pem -out rsa_cert.pem -days 365 -nodes -subj '/CN=micropython.local/O=MicroPython/C=AU'
``` ```
In this case CN is: micropython.local In this case CN is: micropython.local
@ -192,3 +192,9 @@ Convert them to DER format:
$ openssl rsa -in rsa_key.pem -out rsa_key.der -outform DER $ openssl rsa -in rsa_key.pem -out rsa_key.der -outform DER
$ openssl x509 -in rsa_cert.pem -out rsa_cert.der -outform DER $ openssl x509 -in rsa_cert.pem -out rsa_cert.der -outform DER
``` ```
To test elliptic curve key/cert pairs, create a key then a certificate using:
```
$ openssl ecparam -name prime256v1 -genkey -noout -out ec_key.der -outform DER
$ openssl req -new -x509 -key ec_key.der -out ec_cert.der -outform DER -days 365 -nodes -subj '/CN=micropython.local/O=MicroPython/C=AU'
```

Binary file not shown.

Binary file not shown.