Alexey Serbin has uploaded this change for review. ( http://gerrit.cloudera.org:8080/23690
Change subject: KUDU-3716 Add version to IPKI CA CSR ...................................................................... KUDU-3716 Add version to IPKI CA CSR OpenSSL 3.4.0 added a version check to certificate signing that causes signing previously working CSRs to fail with the below error: Runtime error: failed to self-sign cert: CSR signature verification error: error:05800091:x509 certificate routines::unsupported version:crypto/x509/x_all.c:47:X509_REQ_verify_ex This patch fixes this problem by setting the version on the CSR. While X509_REQ_set_version() has been there since forever, the version constant X509_REQ_VERSION_1 was added only in OpenSSL 3.0, so this X509_REQ_set_version() call is added only in OpenSSL >= 3.0. Change-Id: I735a56d444009a867fbcab9b78d0053cea593b95 Reviewed-on: http://gerrit.cloudera.org:8080/23681 Reviewed-by: Alexey Serbin <[email protected]> Reviewed-by: Ashwani Raina <[email protected]> Tested-by: Attila Bukor <[email protected]> (cherry picked from commit 879a8f9e2a94f36f1019d7201617fb61d88e9701) --- M src/kudu/security/ca/cert_management-test.cc M src/kudu/security/ca/cert_management.cc 2 files changed, 14 insertions(+), 0 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/90/23690/1 -- To view, visit http://gerrit.cloudera.org:8080/23690 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: branch-1.18.x Gerrit-MessageType: newchange Gerrit-Change-Id: I735a56d444009a867fbcab9b78d0053cea593b95 Gerrit-Change-Number: 23690 Gerrit-PatchSet: 1 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]>
