Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/22935 )
Change subject: KUDU-3663: Support certificates signed with RSASSA-PSS for channel bindings ...................................................................... KUDU-3663: Support certificates signed with RSASSA-PSS for channel bindings The existing code to determine the hash algorithm for a certificate does not handle RSASSA-PSS signatures as the hash algorithm is configurable for RSASSA-PSS. OpenSSL 1.1.1 introduced the x509_get_signature_info() function, which is able to determine the hash algorithm even for RSASSA-PSS. This uses x509_get_signature_info() whenever building against OpenSSL 1.1.1 or above. This is similar to the fix used in Postgres when faced with the same issue. Testing: - Added a test certificate that uses RSASSA-PSS and a test case in cert-test to verify that it can determine the hash algorithm used Change-Id: I26a25a43d778fd2f2fcf293ecb199133c675212c Reviewed-on: http://gerrit.cloudera.org:8080/22910 Reviewed-by: Alexey Serbin <[email protected]> Tested-by: Alexey Serbin <[email protected]> (cherry picked from commit c1770c55063076c6e8304643fe7a5d6bd7836fe8) Reviewed-on: http://gerrit.cloudera.org:8080/22935 Reviewed-by: Abhishek Chennaka <[email protected]> --- M src/kudu/security/cert-test.cc M src/kudu/security/cert.cc M src/kudu/security/cert.h M src/kudu/security/test/test_certs.cc M src/kudu/security/test/test_certs.h 5 files changed, 132 insertions(+), 5 deletions(-) Approvals: Abhishek Chennaka: Looks good to me, approved Alexey Serbin: Verified -- To view, visit http://gerrit.cloudera.org:8080/22935 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: branch-1.18.x Gerrit-MessageType: merged Gerrit-Change-Id: I26a25a43d778fd2f2fcf293ecb199133c675212c Gerrit-Change-Number: 22935 Gerrit-PatchSet: 2 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Abhishek Chennaka <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Joe McDonnell <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Marton Greber <[email protected]>
