Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/15326 )
Change subject: [security] introduce security level override for OpenSSL ...................................................................... [security] introduce security level override for OpenSSL In some contemporary Linux distros (like RHEL/CentOS 8.1), the default security level for OpenSSL is set to 2. This makes RSA keys of length less that 2048 to be considered lax and unsecure, and the verification of corresponding certificates fails. However, in Kudu tests we use shorter keys to save time on run-time of the tests. This patch introduces a gflag to override the security level of the OpenSSL library. With that, every test derived from the KuduTest class automatically sets the security level to 1 when initializing its TLS context. That makes it possible to use RSA keys of length 1024 for generating certificates. Otherwise, many test would fail while trying to adopt or verify certificates signed with smaller RSA keys. Change-Id: Ic85fb6f7d2e7d1d09ff4c33742c5234da634b837 Reviewed-on: http://gerrit.cloudera.org:8080/15326 Tested-by: Alexey Serbin <[email protected]> Reviewed-by: Adar Dembo <[email protected]> --- M src/kudu/mini-cluster/external_mini_cluster.cc M src/kudu/security/tls_context.cc M src/kudu/util/test_util.cc 3 files changed, 34 insertions(+), 0 deletions(-) Approvals: Alexey Serbin: Verified Adar Dembo: Looks good to me, approved -- To view, visit http://gerrit.cloudera.org:8080/15326 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: Ic85fb6f7d2e7d1d09ff4c33742c5234da634b837 Gerrit-Change-Number: 15326 Gerrit-PatchSet: 2 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Volodymyr Verovkin <[email protected]>
