Alexey Serbin has uploaded this change for review. ( http://gerrit.cloudera.org:8080/15326
Change subject: [security] introduce security level override for OpenSSL ...................................................................... [security] introduce security level override for OpenSSL In some contemporary Linux distros (like RHEL/CentOS 8.1), the default security level for OpenSSL is set to 2. This makes RSA keys of length less that 2048 to be considered lax and unsecure, and the verification of corresponding certificates fails. However, in Kudu tests we use shorter keys to save time on run-time of the tests. This patch introduces a gflag to override the security level of the OpenSSL library. With that, every test derived from the KuduTest class automatically sets the security level to 1 when initializing its TLS context. That makes it possible to use RSA keys of length 1024 for generating certificates. Otherwise, many test would fail while trying to adopt or verify certificates signed with smaller RSA keys. Change-Id: Ic85fb6f7d2e7d1d09ff4c33742c5234da634b837 --- M src/kudu/mini-cluster/external_mini_cluster.cc M src/kudu/security/tls_context.cc M src/kudu/util/test_util.cc 3 files changed, 34 insertions(+), 0 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/26/15326/1 -- To view, visit http://gerrit.cloudera.org:8080/15326 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Ic85fb6f7d2e7d1d09ff4c33742c5234da634b837 Gerrit-Change-Number: 15326 Gerrit-PatchSet: 1 Gerrit-Owner: Alexey Serbin <[email protected]>
