Hello Alexey Serbin, Andrew Wong, Grant Henke,
I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/16675
to review the following change.
Change subject: Disable digest authn in FIPS mode
......................................................................
Disable digest authn in FIPS mode
The webserver supports digest authentication, which is considered
insecure as it's based on MD5. This doesn't comply with FIPS 140-2, so
it needs to be disabled in FIPS approved mode.
Squeasel also used to roll its own MD5 implementation instead of using
OpenSSL's implementation. This commit also bumps the Squeasel version to
the most recent commit that already removes the MD5 implementation in
favor of OpenSSL's one. This is useful in case we need to catch some
other non-FIPS-compliant usages in the future. This new version no
longer supports PROPFIND and MKCOL methods, which we fortunately didn't
use, but string matched the list of supported methods in tests.
Change-Id: I4a446aa8d95a67658c727d3a6f85943d64c79ecf
---
M src/kudu/server/webserver-test.cc
M src/kudu/server/webserver.cc
M thirdparty/vars.sh
3 files changed, 29 insertions(+), 9 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/75/16675/1
--
To view, visit http://gerrit.cloudera.org:8080/16675
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I4a446aa8d95a67658c727d3a6f85943d64c79ecf
Gerrit-Change-Number: 16675
Gerrit-PatchSet: 1
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Grant Henke <[email protected]>
