Attila Bukor has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/16675 )
Change subject: KUDU-3210 Disable digest authn in FIPS mode ...................................................................... KUDU-3210 Disable digest authn in FIPS mode The webserver supports digest authentication, which is considered insecure as it's based on MD5. This doesn't comply with FIPS 140-2, so it needs to be disabled in FIPS approved mode. Squeasel also used to roll its own MD5 implementation instead of using OpenSSL's implementation. This commit also bumps the Squeasel version to the most recent commit that already removes the MD5 implementation in favor of OpenSSL's one. This is useful in case we need to catch some other non-FIPS-compliant usages in the future. This new version no longer supports PROPFIND and MKCOL methods, which we fortunately didn't use, but string matched the list of supported methods in tests. Change-Id: I4a446aa8d95a67658c727d3a6f85943d64c79ecf Reviewed-on: http://gerrit.cloudera.org:8080/16675 Reviewed-by: Alexey Serbin <[email protected]> Tested-by: Attila Bukor <[email protected]> --- M src/kudu/server/webserver-test.cc M src/kudu/server/webserver.cc M thirdparty/vars.sh 3 files changed, 33 insertions(+), 9 deletions(-) Approvals: Alexey Serbin: Looks good to me, approved Attila Bukor: Verified -- To view, visit http://gerrit.cloudera.org:8080/16675 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I4a446aa8d95a67658c727d3a6f85943d64c79ecf Gerrit-Change-Number: 16675 Gerrit-PatchSet: 8 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Grant Henke <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
