[
https://issues.apache.org/jira/browse/IGNITE-13042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17142753#comment-17142753
]
Igor Sapego commented on IGNITE-13042:
--------------------------------------
Re-generated certificates and keys, added script. [~ivandasch] , can you take a
look?
> Update SSL certificates in C++ test suites to more secure signature
> -------------------------------------------------------------------
>
> Key: IGNITE-13042
> URL: https://issues.apache.org/jira/browse/IGNITE-13042
> Project: Ignite
> Issue Type: Test
> Components: platforms
> Reporter: Ivan Daschinskiy
> Assignee: Igor Sapego
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When modern openssl is used (i.e OpenSSL 1.1.1f, which is default for ubuntu
> 20.04, for example), provided certificates are not accepted, because
> Sha1WithRSAEncryption signature is used, that is widely considered flaw. So
> certificates needs to be renewed (i.e. with sha256WithRSAEncryption signature)
> Example error:
> {code}
> Connecting to 127.0.0.1:11110
> 140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too
> weak:../ssl/ssl_rsa.c:310:
> Failed to connect :Can not set client certificate file for secure connection:
> path
> /home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem
> {code}
> Affected ignite-odbc-tests and ignite-thin-client-tests
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
