Marton Greber has uploaded this change for review. ( http://gerrit.cloudera.org:8080/20162
Change subject: Re-generate test certs with OpenSSL3 ...................................................................... Re-generate test certs with OpenSSL3 Some tests (security-itest, rpc-test) have been failing on newer distros (RHEL9, Ubuntu22) with OpenSSL3. The errors were along the lines of: 'failed md too weak'. Alexey pointed out that the issue was in using SHA1 for the certificate digest. We opted to re-generate the test certs with OpenSSL3, such that certs would use non-obsolete ciphers. I followed the same guide which is mentioned in test_certs.cc comment section [1], with a couple of differences: * in 'openssl req' commands I omitted the '-sha256' switch, * the commonName in 'openssl ca' is localhost * in ca.conf [alt_names] DNS.0 is localhost I tested this patch (ctest) on RHEL9 with slow tests enabled. All the tests passed. [1] https://raymii.org/s/tutorials/OpenSSL_command_line_Root_and_ Intermediate_CA_including_OCSP_CRL%20and_revocation.html Change-Id: I4b7f28e76f8bebe3bb4284eaa81e4afe03877420 --- M src/kudu/security/test/test_certs.cc 1 file changed, 653 insertions(+), 506 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/62/20162/1 -- To view, visit http://gerrit.cloudera.org:8080/20162 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I4b7f28e76f8bebe3bb4284eaa81e4afe03877420 Gerrit-Change-Number: 20162 Gerrit-PatchSet: 1 Gerrit-Owner: Marton Greber <[email protected]>
