[
https://issues.apache.org/jira/browse/KUDU-3207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17282205#comment-17282205
]
ASF subversion and git services commented on KUDU-3207:
-------------------------------------------------------
Commit cb6e0112909bd66127efae6bc2210869940e77c8 in kudu's branch
refs/heads/master from Grant Henke
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=cb6e011 ]
[test] Skip CryptoTest.RsaPrivateKeyInputOutputPEM in FIPS mode
When run in FIPS mode CryptoTest.RsaPrivateKeyInputOutputPEM
test fails as described in KUDU-3207 due to the use of PKCS #8
instead of the expected PKCS #1.
This patch disables the test when run in FIPS mode until we can
standardize the RSA private key format.
Change-Id: I2cf4a9286d1e3e9000c359fa69e27ef42d91ae88
Reviewed-on: http://gerrit.cloudera.org:8080/17051
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <[email protected]>
> Standardize RSA private key format
> ----------------------------------
>
> Key: KUDU-3207
> URL: https://issues.apache.org/jira/browse/KUDU-3207
> Project: Kudu
> Issue Type: Improvement
> Reporter: Attila Bukor
> Priority: Minor
> Labels: OpenSSL, security
>
> Currently, Kudu stores RSA private keys in PEM format using
> PEM_write_bio_RSAPrivateKey(), which doesn't specify the format in which the
> key is stored. It expects it to be PKCS #1 (BEGIN/END RSA PRIVATE KEY), but
> it seems there are some OpenSSL versions (CryptoComply) that use PKCS #8
> instead (BEGIN/END PRIVATE KEY). {{CryptoTest.RsaPrivateKeyInputOutputPEM}}
> fails due to this, as it compares the private key to an expected string,
> which is in PKCS #1 format. The read functions are explicitly said to handle
> any known format, so this shouldn't cause any issues, but it would still be
> nice to standardize on a single format (probably PKCS #8).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
