[jira] [Updated] (IGNITE-13042) Update SSL certificates in C++ test suites to more secure signature

Ivan Daschinskiy (Jira) Wed, 20 May 2020 06:32:11 -0700


     [ 
https://issues.apache.org/jira/browse/IGNITE-13042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ivan Daschinskiy updated IGNITE-13042:
--------------------------------------
    Description: 
When modern openssl is used (i.e  OpenSSL 1.1.1f, which is default for ubuntu 
20.04, for example),  provided certificates are not accepted, because 
Sha1WithRSAEncryption signature is used, that is widely considered flaw. So 
certificates needs to be renewed (i.e. with sha256WithRSAEncryption signature)

Example error:

{code}
Connecting to 127.0.0.1:11110
140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too 
weak:../ssl/ssl_rsa.c:310:
Failed to connect :Can not set client certificate file for secure connection: 
path 
/home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem

{code}

Affected ignite-odbc-tests and ignite-thin-client-tests


  was:
When modern openssl is used (i.e  OpenSSL 1.1.1f, which is default for ubuntu 
20.04, for example),  provided certificates are not accepted, because use 
Sha1WithRSAEncryption signature, that is widely considered flaw. So 
certificates needs to be renewed (i.e. with sha256WithRSAEncryption signature)

Example error:

{code}
Connecting to 127.0.0.1:11110
140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too 
weak:../ssl/ssl_rsa.c:310:
Failed to connect :Can not set client certificate file for secure connection: 
path 
/home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem

{code}

Affected ignite-odbc-tests and ignite-thin-client-tests



> Update SSL certificates in C++ test suites to more secure signature
> -------------------------------------------------------------------
>
>                 Key: IGNITE-13042
>                 URL: https://issues.apache.org/jira/browse/IGNITE-13042
>             Project: Ignite
>          Issue Type: Test
>          Components: platforms
>            Reporter: Ivan Daschinskiy
>            Assignee: Igor Sapego
>            Priority: Minor
>
> When modern openssl is used (i.e  OpenSSL 1.1.1f, which is default for ubuntu 
> 20.04, for example),  provided certificates are not accepted, because 
> Sha1WithRSAEncryption signature is used, that is widely considered flaw. So 
> certificates needs to be renewed (i.e. with sha256WithRSAEncryption signature)
> Example error:
> {code}
> Connecting to 127.0.0.1:11110
> 140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too 
> weak:../ssl/ssl_rsa.c:310:
> Failed to connect :Can not set client certificate file for secure connection: 
> path 
> /home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem
> {code}
> Affected ignite-odbc-tests and ignite-thin-client-tests



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (IGNITE-13042) Update SSL certificates in C++ test suites to more secure signature

Reply via email to