lhotari commented on pull request #8581:
URL: https://github.com/apache/pulsar/pull/8581#issuecomment-728136822
It seems that the cerficates are invalid for TLS 1.3 . signature algorithm
for the *-cert.pem files is sha1WithRSAEncryption . SHA-1 is invalid for TLS
1.3 .
For example
```
$ openssl x509 -in
pulsar-proxy/src/test/resources/authentication/tls/server-cert.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
88:08:98:b3:13:d8:00:97
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, ST = CA, O = Apache, OU = Pulsar Incubator, CN =
localhost
Validity
Not Before: Feb 17 02:06:21 2018 GMT
Not After : Nov 16 00:00:00 2030 GMT
Subject: C = US, ST = CA, O = Apache, OU = Apache Pulsar, CN =
localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:bf:b7:2d:98:ad:9d:f6:da:a3:13:d4:62:0f:
98:be:1c:a2:89:22:ba:6f:d5:fd:1f:67:e3:91:03:
98:80:81:0e:ed:d8:f6:70:7f:2c:36:68:3d:53:ea:
58:3a:a6:d5:89:66:4b:bd:1e:57:71:13:6d:4b:11:
e5:40:a5:76:84:24:92:40:58:80:96:c9:1f:2c:c4:
55:eb:a3:79:73:70:5c:37:9a:89:ed:2f:ba:6b:e3:
82:7c:69:4a:02:54:8b:81:5e:3c:bf:4c:8a:cb:ea:
2c:5e:83:e7:b7:10:08:5f:82:58:a3:89:d1:da:92:
ba:2a:28:ee:30:28:3f:5b:ae:10:71:96:c7:e1:12:
c5:b0:1a:ad:44:6f:44:3a:11:4a:9a:3c:0f:8d:06:
80:7b:34:ef:3f:6c:f4:5e:c5:44:54:1e:c8:dd:c7:
80:85:80:d9:68:e6:c6:53:03:77:e1:fe:18:61:07:
77:05:4c:ed:59:bc:5d:41:38:6a:ef:5d:a1:b2:60:
98:d4:48:28:95:02:8a:0e:fd:cf:7b:1b:d2:11:cc:
10:0c:50:73:d7:cc:38:6c:83:dd:79:26:aa:90:c8:
9b:84:86:bc:59:e9:62:69:f4:98:1b:c4:80:78:7e:
a0:1a:81:9d:d2:e1:66:dd:c4:cc:fc:63:04:ac:ec:
a7:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
D3:F3:19:AE:74:B1:AF:E7:AF:08:7B:16:72:78:29:87:79:ED:30:8C
X509v3 Authority Key Identifier:
keyid:D4:7A:CD:0F:44:1B:16:29:25:14:ED:A2:EF:13:0F:A7:46:09:78:F6
Signature Algorithm: sha1WithRSAEncryption
0f:04:f3:91:f2:87:19:fe:9d:f8:34:5a:24:4a:00:d1:58:bf:
1e:b2:77:67:07:bc:78:b5:4b:9a:4b:fd:a1:e5:dc:0e:09:84:
9e:59:c4:dd:cf:f7:2e:bf:da:f3:31:36:6b:81:6e:a2:88:76:
e4:2e:0b:36:44:82:36:8f:80:93:f4:9e:fc:ed:85:d0:97:da:
0f:fb:c9:b9:8b:da:ae:07:3d:4f:82:b7:0c:25:22:63:12:6b:
0a:e9:c4:12:a4:5c:ed:11:12:cc:fe:b0:2e:d4:c1:ec:79:01:
60:ea:cc:cc:e5:66:cc:57:f6:55:a9:09:4c:63:01:e9:b4:2e:
73:a5
-----BEGIN CERTIFICATE-----
MIIDLjCCApegAwIBAgIJAIgImLMT2ACXMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBQ
dWxzYXIgSW5jdWJhdG9yMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTgwMjE3MDIw
NjIxWhcNMzAxMTE2MDAwMDAwWjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
DzANBgNVBAoTBkFwYWNoZTEWMBQGA1UECxMNQXBhY2hlIFB1bHNhcjESMBAGA1UE
AxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7+3
LZitnfbaoxPUYg+YvhyiiSK6b9X9H2fjkQOYgIEO7dj2cH8sNmg9U+pYOqbViWZL
vR5XcRNtSxHlQKV2hCSSQFiAlskfLMRV66N5c3BcN5qJ7S+6a+OCfGlKAlSLgV48
v0yKy+osXoPntxAIX4JYo4nR2pK6KijuMCg/W64QcZbH4RLFsBqtRG9EOhFKmjwP
jQaAezTvP2z0XsVEVB7I3ceAhYDZaObGUwN34f4YYQd3BUztWbxdQThq712hsmCY
1EgolQKKDv3PexvSEcwQDFBz18w4bIPdeSaqkMibhIa8WeliafSYG8SAeH6gGoGd
0uFm3cTM/GMErOynNQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU0/MZrnSx
r+evCHsWcngph3ntMIwwHwYDVR0jBBgwFoAU1HrND0QbFiklFO2i7xMPp0YJePYw
DQYJKoZIhvcNAQEFBQADgYEADwTzkfKHGf6d+DRaJEoA0Vi/HrJ3Zwe8eLVLmkv9
oeXcDgmEnlnE3c/3Lr/a8zE2a4Fuooh25C4LNkSCNo+Ak/Se/O2F0JfaD/vJuYva
rgc9T4K3DCUiYxJrCunEEqRc7RESzP6wLtTB7HkBYOrMzOVmzFf2VakJTGMB6bQu
c6U=
-----END CERTIFICATE-----
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
