Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tests: Replace RSA cert by ECDSA cert #170

Merged
merged 2 commits into from
Nov 17, 2021
Merged

Tests: Replace RSA cert by ECDSA cert #170

merged 2 commits into from
Nov 17, 2021

Conversation

MathieuBordere
Copy link

@MathieuBordere MathieuBordere commented Nov 17, 2021
edited
Loading

Because of golang/go#20058

Speeds up the tests on armhf machines by quite a lot and lowers the chance of them timing out.

key & cert generation:

$ openssl version
OpenSSL 1.1.1f  31 Mar 2020
$ openssl ecparam -out cluster.key -name secp256r1 -genkey
$ openssl req -new -key cluster.key -x509 -nodes -days 10000 -out \
cluster.crt -addext "subjectAltName = IP.1:127.0.0.1, DNS:local.test"
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:.
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:dqlite-test
Email Address []:.

Also replaced the ppa in the actions.

Mathieu Borderé added 2 commits November 17, 2021 13:33
github: update ppa
6afbaaa
testdata: Use ecdsa cert
07a26dc 
Because of golang/go#20058.

key & cert generation:

$ openssl version
OpenSSL 1.1.1f  31 Mar 2020
$ openssl ecparam -out cluster.key -name secp256r1 -genkey
$ openssl req -new -key cluster.key -x509 -nodes -days 10000 -out \
cluster.crt -addext "subjectAltName = IP.1:127.0.0.1, DNS:local.test"
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:.
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:dqlite-test
Email Address []:.
@MathieuBordere MathieuBordere changed the title Ecdsa test cert Tests: Replace RSA cert by ECDSA cert Nov 17, 2021
@stgraber
Copy link
Contributor

Ah yeah, that makes a lot of sense, extremely poor performance of RSA in Go on ARM is why we switched to ECDSA in LXD in the first place (at Google's request due to Chromebooks being extremely slow).

@stgraber stgraber merged commit 450c5ca into canonical:master Nov 17, 2021
@MathieuBordere MathieuBordere mentioned this pull request Dec 2, 2021
Open
@MathieuBordere MathieuBordere mentioned this pull request Apr 27, 2022
Merged
@MathieuBordere MathieuBordere deleted the ecdsa-test-cert branch December 9, 2022 10:30
@MathieuBordere MathieuBordere mentioned this pull request Dec 15, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@freeekanayaka freeekanayaka freeekanayaka approved these changes

@stgraber stgraber Awaiting requested review from stgraber

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MathieuBordere @stgraber @freeekanayaka