Abhishek Chennaka has uploaded this change for review. ( http://gerrit.cloudera.org:8080/22920
Change subject: KUDU-3663: Support certificates signed with RSASSA-PSS for channel bindings ...................................................................... KUDU-3663: Support certificates signed with RSASSA-PSS for channel bindings The existing code to determine the hash algorithm for a certificate does not handle RSASSA-PSS signatures as the hash algorithm is configurable for RSASSA-PSS. OpenSSL 1.1.1 introduced the x509_get_signature_info() function, which is able to determine the hash algorithm even for RSASSA-PSS. This uses x509_get_signature_info() whenever building against OpenSSL 1.1.1 or above. This is similar to the fix used in Postgres when faced with the same issue. Testing: - Added a test certificate that uses RSASSA-PSS and a test case in cert-test to verify that it can determine the hash algorithm used Change-Id: I26a25a43d778fd2f2fcf293ecb199133c675212b --- M src/kudu/security/cert-test.cc M src/kudu/security/cert.cc M src/kudu/security/cert.h M src/kudu/security/test/test_certs.cc M src/kudu/security/test/test_certs.h 5 files changed, 132 insertions(+), 5 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/20/22920/1 -- To view, visit http://gerrit.cloudera.org:8080/22920 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: branch-1.18.x Gerrit-MessageType: newchange Gerrit-Change-Id: I26a25a43d778fd2f2fcf293ecb199133c675212b Gerrit-Change-Number: 22920 Gerrit-PatchSet: 1 Gerrit-Owner: Abhishek Chennaka <[email protected]> Gerrit-Reviewer: Joe McDonnell <[email protected]>
