This is an automated email from the ASF dual-hosted git repository.
mapohl pushed a commit to branch release-1.18
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/release-1.18 by this push:
new 2ee3beeaa23 [FLINK-33902][ci] Adds -legacy to openssl command
2ee3beeaa23 is described below
commit 2ee3beeaa2302d96e1c420b03ecc0e1e22812110
Author: Matthias Pohl <[email protected]>
AuthorDate: Fri Nov 17 15:51:14 2023 +0100
[FLINK-33902][ci] Adds -legacy to openssl command
---
flink-end-to-end-tests/test-scripts/common_ssl.sh | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/flink-end-to-end-tests/test-scripts/common_ssl.sh
b/flink-end-to-end-tests/test-scripts/common_ssl.sh
index 2a2c7f11783..2d99e29c4f5 100644
--- a/flink-end-to-end-tests/test-scripts/common_ssl.sh
+++ b/flink-end-to-end-tests/test-scripts/common_ssl.sh
@@ -67,8 +67,15 @@ function _set_conf_ssl_helper {
keytool -importcert -keystore "${ssl_dir}/node.keystore" -storepass
${password} -file "${ssl_dir}/ca.cer" -alias ca -noprompt
keytool -importcert -keystore "${ssl_dir}/node.keystore" -storepass
${password} -file "${ssl_dir}/node.cer" -alias node -noprompt
+ local additional_params
+ additional_params=""
+ if [[ ! "$(openssl version)" =~ OpenSSL\ 1 ]]; then
+ # OpenSSL 3.x doesn't enable PKCS12 by default - we need to enable
legacy algorithms
+ additional_params="-legacy"
+ fi
+
# keystore is converted into a pem format to use it as node.pem with curl
in Flink REST API queries, see also $CURL_SSL_ARGS
- openssl pkcs12 -passin pass:${password} -in "${ssl_dir}/node.keystore"
-out "${ssl_dir}/node.pem" -nodes
+ openssl pkcs12 ${additional_params} -passin pass:${password} -in
"${ssl_dir}/node.keystore" -out "${ssl_dir}/node.pem" -nodes
if [ "${provider}" = "OPENSSL" -a "${provider_lib}" = "dynamic" ]; then
cp $FLINK_DIR/opt/flink-shaded-netty-tcnative-dynamic-*.jar
$FLINK_DIR/lib/
