mirror of https://github.com/TheLocehiliosan/yadm synced 2026-03-02 03:49:29 +00:00

Add config yadm.openssl-old

The newer versions (OpenSSL 1.1.1 or LibreSSL 2.9.1) support the pbkdf2
key derivation function, while older versions do not. In addition the
new versions have changed the default digest to SHA256 instead of MD5.

Files encrypted with older versions would throw warnings about
deprecated key derivation used. Files encrypted with newer versions +
pbkdf2 would not be decryptable using older versions. These problems
matter when many users maintain their dotfiles across different systems
with different levels of OpenSSL support.

A new boolean config option has been added, yadm.openssl-old

* If false, use options -pbkdf2 -iter 100000 -md sha512
* If true, use options -md md5 (and if decrypting with newer versions
  warnings will be printed)
Tim Byrne
2020-09-25 09:25:38 -05:00
parent 47d4ea5f7e
commit 05ae6f0257
2 changed files with 14 additions and 2 deletions
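
The two option sets named in the commit message produce different keys from the same passphrase and salt, which is why a file written in one mode cannot be read in the other. The sketch below is an added example, not yadm's or OpenSSL's own code; it assumes the cipher is aes-256-cbc (32-byte key, 16-byte IV), and the passphrase and sample file bytes are constructed.

```python
import hashlib

SALT_MAGIC = b"Salted__"   # header `openssl enc` writes before the 8-byte salt
KEY_LEN, IV_LEN = 32, 16   # assumption: aes-256-cbc


def split_salt(blob):
    """Return (salt, ciphertext) from the output of a salted `openssl enc`."""
    if len(blob) < 16 or blob[:8] != SALT_MAGIC:
        raise ValueError("not a salted openssl enc file")
    return blob[8:16], blob[16:]


def derive_old(password, salt):
    """-md md5 without -pbkdf2: EVP_BytesToKey, a single MD5 pass per block."""
    out, block = b"", b""
    while len(out) < KEY_LEN + IV_LEN:
        block = hashlib.md5(block + password + salt).digest()
        out += block
    return out[:KEY_LEN], out[KEY_LEN:KEY_LEN + IV_LEN]


def derive_new(password, salt, iterations=100000):
    """-pbkdf2 -iter 100000 -md sha512: PBKDF2-HMAC-SHA512 yields key and IV."""
    out = hashlib.pbkdf2_hmac("sha512", password, salt, iterations,
                              KEY_LEN + IV_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]


def derive(password, salt, openssl_old):
    """Pick the derivation the way the boolean yadm.openssl-old would."""
    if openssl_old:
        return derive_old(password, salt)
    return derive_new(password, salt)


# Constructed sample: magic, 8-byte salt, one dummy ciphertext block.
SAMPLE = SALT_MAGIC + bytes(range(8)) + b"\x00" * 16

if __name__ == "__main__":
    salt, _ = split_salt(SAMPLE)
    for flag in (True, False):
        key, iv = derive(b"constructed-passphrase", salt, flag)
        print("openssl-old =", flag, key.hex(), iv.hex())
```

The old path costs three MD5 calls per passphrase guess, while the new path costs 100000 HMAC-SHA512 iterations, so the setting also decides how expensive offline guessing against a leaked archive is.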

@@ -124,6 +124,7 @@ def supported_configs():
'yadm.gpg-program',
'yadm.gpg-recipient',
'yadm.openssl-ciphername',
'yadm.openssl-old',
'yadm.openssl-program',
'yadm.ssh-perms',
]
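
Review bot: the new 'yadm.openssl-old' entry in supported_configs() only registers the option name, and nothing in this hunk checks what the option does. The commit message says true selects -md md5 and false selects -pbkdf2 -iter 100000 -md sha512, so I would like a test asserting that an unset value behaves as false, which keeps the MD5 derivation reachable only by explicit opt-in. The name is also ambiguous (old OpenSSL binary versus old file format); a line in the documentation stating that true drops pbkdf2 would help users who share encrypted dotfiles across systems.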