Joe McDonnell has uploaded this change for review. ( http://gerrit.cloudera.org:8080/22910 )

Change subject: PROTOTYPE: Support certificates signed with RSASSA-PSS for channel bindings
......................................................................

PROTOTYPE: Support certificates signed with RSASSA-PSS for channel bindings

The existing code to determine the hash algorithm for a certificate
does not handle RSASSA-PSS signatures as the hash algorithm is
configurable for RSASSA-PSS. OpenSSL 1.1.1 introduced the
x509_get_signature_info() function, which is able to determine
the hash algorithm even for RSASSA-PSS.

This uses x509_get_signature_info() whenever building against
OpenSSL 1.1.1 or above. This is similar to the fix used in
Postgres when faced with the same issue.

Testing:
 - Added a test certificate that uses RSASSA-PSS and a test case
   in cert-test to verify that it can determine the hash algorithm
   used

Change-Id: I26a25a43d778fd2f2fcf293ecb199133c675212b
---
M src/kudu/security/cert-test.cc
M src/kudu/security/cert.cc
M src/kudu/security/cert.h
M src/kudu/security/test/test_certs.cc
M src/kudu/security/test/test_certs.h
5 files changed, 123 insertions(+), 4 deletions(-)

  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/10/22910/1
--
To view, visit http://gerrit.cloudera.org:8080/22910
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I26a25a43d778fd2f2fcf293ecb199133c675212b
Gerrit-Change-Number: 22910
Gerrit-PatchSet: 1
Gerrit-Owner: Joe McDonnell <[email protected]>
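
The commit message above says the hash is configurable for RSASSA-PSS: the digest sits in the signature algorithm's parameters, not in its OID. As an added example (not code from the Kudu change), this minimal DER reader extracts that digest from an RSASSA-PSS AlgorithmIdentifier. `PssHashName`, `ReadTlv` and the sample bytes are constructed for illustration, and only short-form DER lengths are assumed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
struct Tlv { uint8_t tag; Bytes value; size_t next; };

// Read one DER TLV at `off`. Short-form lengths only (assumption: enough for
// an AlgorithmIdentifier); anything else is rejected rather than guessed at.
static bool ReadTlv(const Bytes& in, size_t off, Tlv* out) {
  if (off + 2 > in.size() || in[off + 1] >= 0x80) return false;
  size_t end = off + 2 + in[off + 1];
  if (end > in.size()) return false;
  *out = Tlv{in[off], Bytes(in.begin() + off + 2, in.begin() + end), end};
  return true;
}

static const Bytes kOidRsaPss = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A};
static const Bytes kSha2Arc = {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02};

// Digest named by a DER AlgorithmIdentifier for RSASSA-PSS; "" if the input
// is not RSASSA-PSS, is malformed, or names a digest this sketch does not map.
std::string PssHashName(const Bytes& alg_id) {
  Tlv seq, oid, params, field, hash_alg, hash_oid;
  if (!ReadTlv(alg_id, 0, &seq) || seq.tag != 0x30) return "";
  if (!ReadTlv(seq.value, 0, &oid) || oid.tag != 0x06 || oid.value != kOidRsaPss) return "";
  if (!ReadTlv(seq.value, oid.next, &params) || params.tag != 0x30) return "";
  if (params.value.empty()) return "SHA1";   // every field left at its DEFAULT
  if (!ReadTlv(params.value, 0, &field)) return "";
  if (field.tag != 0xA0) return "SHA1";      // hashAlgorithm [0] omitted
  if (!ReadTlv(field.value, 0, &hash_alg) || hash_alg.tag != 0x30) return "";
  if (!ReadTlv(hash_alg.value, 0, &hash_oid) || hash_oid.tag != 0x06) return "";
  const Bytes& v = hash_oid.value;
  if (v.size() != 9 || !std::equal(kSha2Arc.begin(), kSha2Arc.end(), v.begin())) return "";
  if (v[8] == 1) return "SHA256";
  if (v[8] == 2) return "SHA384";
  if (v[8] == 3) return "SHA512";
  return "";
}

// Constructed sample: RSASSA-PSS with SHA-256, MGF1(SHA-256), saltLength 32.
static const Bytes kSamplePss = {
  0x30,0x41, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A, 0x30,0x34,
  0xA0,0x0F,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
  0xA1,0x1C,0x30,0x1A,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,
  0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00, 0xA2,0x03,0x02,0x01,0x20
};
```

An empty or hash-less parameter block means the SHA-1 default from RFC 4055, which a channel-binding caller has to handle explicitly.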
