Adar Dembo has submitted this change and it was merged. ( 
http://gerrit.cloudera.org:8080/15554 )

Change subject: [python] KUDU-3087 use 2048-bit RSA keys for CA and server certs
......................................................................

[python] KUDU-3087 use 2048-bit RSA keys for CA and server certs

In changelist 3343144fe, the external mini-cluster is configured to use
768-bit RSA cryptography for CA and server TLS certificates.  To
make this work with OpenSSL 1.1.x, it's necessary to set security
level to 0 for the client side.  That's done for C++ and Java tests in
the mentioned changelist, but Python tests were not updated
correspondingly.

This patch addresses the described issue for tests in the kudu-python
project.  Since kudu-python is a wrapper around kudu-client C++ library,
it's not trivial to configure the security level using gflags in a
non-invasive way.  The solution is to make kudu-master and kudu-tserver
processes using 2048-bit RSA keys instead of 768-bit ones, allowing the
tests in kudu-python to pass on contemporary or security-hardened Linux
distros which set security level 2 by default for the OpenSSL library.

This is a follow-up to 3343144fefaad5a30e95e21297c64c78e308fa1f.

Change-Id: I740d81291832bfc28c395443f2c01b0c9a7dbadf
Reviewed-on: http://gerrit.cloudera.org:8080/15554
Tested-by: Alexey Serbin <aser...@cloudera.com>
Reviewed-by: <huangtianhua...@gmail.com>
Reviewed-by: Grant Henke <granthe...@apache.org>
Reviewed-by: Adar Dembo <a...@cloudera.com>
---
M python/kudu/tests/common.py
1 file changed, 15 insertions(+), 1 deletion(-)

Approvals:
  Alexey Serbin: Verified
  huangtianhua...@gmail.com: Looks good to me, but someone else must approve
  Grant Henke: Looks good to me, approved
  Adar Dembo: Looks good to me, approved

--
To view, visit http://gerrit.cloudera.org:8080/15554
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I740d81291832bfc28c395443f2c01b0c9a7dbadf
Gerrit-Change-Number: 15554
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Anonymous Coward <huangtianhua...@gmail.com>
Gerrit-Reviewer: Grant Henke <granthe...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)

Reply via email to