You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Ignite TC Bot (Jira)" <ji...@apache.org> on 2020/06/23 08:44:00 UTC
[jira] [Commented] (IGNITE-13042) Update SSL certificates in C++
test suites to more secure signature
[ https://issues.apache.org/jira/browse/IGNITE-13042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17142744#comment-17142744 ]
Ignite TC Bot commented on IGNITE-13042:
----------------------------------------
{panel:title=Branch: [pull/7954/head] Base: [master] : Possible Blockers (1)|borderStyle=dashed|borderColor=#ccc|titleBGColor=#F7D6C1}
{color:#d04437}Platform C++ (Win x64 / Debug){color} [[tests 0 BuildFailureOnMessage |https://ci.ignite.apache.org/viewLog.html?buildId=5410974]]
{panel}
[TeamCity *-> Run :: CPP* Results|https://ci.ignite.apache.org/viewLog.html?buildId=5410979&buildTypeId=IgniteTests24Java8_RunCpp]
> Update SSL certificates in C++ test suites to more secure signature
> -------------------------------------------------------------------
>
> Key: IGNITE-13042
> URL: https://issues.apache.org/jira/browse/IGNITE-13042
> Project: Ignite
> Issue Type: Test
> Components: platforms
> Reporter: Ivan Daschinskiy
> Assignee: Igor Sapego
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When modern openssl is used (i.e OpenSSL 1.1.1f, which is default for ubuntu 20.04, for example), provided certificates are not accepted, because Sha1WithRSAEncryption signature is used, that is widely considered flaw. So certificates needs to be renewed (i.e. with sha256WithRSAEncryption signature)
> Example error:
> {code}
> Connecting to 127.0.0.1:11110
> 140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:310:
> Failed to connect :Can not set client certificate file for secure connection: path /home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem
> {code}
> Affected ignite-odbc-tests and ignite-thin-client-tests
--
This message was sent by Atlassian Jira
(v8.3.4#803005)