* test/openssl/utils.rb

test/openssl/test_pair.rb
  test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy
  OpenSSL FIPS requirements. Patch by Vit Ondruch.
  [Bug #6938] [ruby-core:47326]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36843 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

test/openssl/utils.rb

@@ -92,13 +92,16 @@ CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
 
 end
 
-  TEST_KEY_DH512 = OpenSSL::PKey::DH.new <<-_end_of_pem_
+  TEST_KEY_DH512_PUB = OpenSSL::PKey::DH.new <<-_end_of_pem_
 -----BEGIN DH PARAMETERS-----
 MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr
 aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
 -----END DH PARAMETERS-----
   _end_of_pem_
 
+
+  TEST_KEY_DH1024 = OpenSSL::PKey::DH.new(1024)
+
   module_function
 
   def issue_cert(dn, key, serial, not_before, not_after, extensions,
@@ -238,7 +241,6 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
     rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK, Errno::ECONNRESET
     end
 
-    DHParam = OpenSSL::PKey::DH.new(128)
     def start_server(port0, verify_mode, start_immediately, args = {}, &block)
       ctx_proc = args[:ctx_proc]
       server_proc = args[:server_proc]
@@ -252,7 +254,7 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
       #ctx.extra_chain_cert = [ ca_cert ]
       ctx.cert = @svr_cert
       ctx.key = @svr_key
-      ctx.tmp_dh_callback = proc { DHParam }
+      ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
       ctx.verify_mode = verify_mode
       ctx_proc.call(ctx) if ctx_proc