[jira] [Updated] (IGNITE-13042) Update SSL certificates in C++ test suites to more secure signature

Ivan Daschinskiy (Jira) Wed, 20 May 2020 06:30:09 -0700


     [ 
https://issues.apache.org/jira/browse/IGNITE-13042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ivan Daschinskiy updated IGNITE-13042:
--------------------------------------
    Description: 
When modern openssl is used (i.e  OpenSSL 1.1.1f, which is default for ubuntu 
20.04, for example),  provided certificates are not accepted, because use 
Sha1WithRSAEncryption signature, that is widely considered flaw. So 
certificates needs to be renewed (i.e. with sha256WithRSAEncryption signature)

Example error:

{code}
Connecting to 127.0.0.1:11110
140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too 
weak:../ssl/ssl_rsa.c:310:
Failed to connect :Can not set client certificate file for secure connection: 
path 
/home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem

{code}


  was:
When modern openssl is used (i.e  OpenSSL 1.1.1f, which is default for ubuntu 
20.04, for example),  provided certificates are not accepted, because use 
sha1withRsaEncription signature, that is widely considered flaw. So 
certificates needs to be renewed.

Example error:

{code}
Connecting to 127.0.0.1:11110
140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too 
weak:../ssl/ssl_rsa.c:310:
Failed to connect :Can not set client certificate file for secure connection: 
path 
/home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem

{code}



> Update SSL certificates in C++ test suites to more secure signature
> -------------------------------------------------------------------
>
>                 Key: IGNITE-13042
>                 URL: https://issues.apache.org/jira/browse/IGNITE-13042
>             Project: Ignite
>          Issue Type: Test
>          Components: platforms
>            Reporter: Ivan Daschinskiy
>            Priority: Minor
>
> When modern openssl is used (i.e  OpenSSL 1.1.1f, which is default for ubuntu 
> 20.04, for example),  provided certificates are not accepted, because use 
> Sha1WithRSAEncryption signature, that is widely considered flaw. So 
> certificates needs to be renewed (i.e. with sha256WithRSAEncryption signature)
> Example error:
> {code}
> Connecting to 127.0.0.1:11110
> 140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too 
> weak:../ssl/ssl_rsa.c:310:
> Failed to connect :Can not set client certificate file for secure connection: 
> path 
> /home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (IGNITE-13042) Update SSL certificates in C++ test suites to more secure signature

Reply via email to