You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ignite.apache.org by "Ivan Daschinskiy (Jira)" <ji...@apache.org> on 2020/05/20 13:28:00 UTC

[jira] [Created] (IGNITE-13042) Update SSL certificates in C++ test suites to more secure signature

Ivan Daschinskiy created IGNITE-13042:
-----------------------------------------

             Summary: Update SSL certificates in C++ test suites to more secure signature
                 Key: IGNITE-13042
                 URL: https://issues.apache.org/jira/browse/IGNITE-13042
             Project: Ignite
          Issue Type: Test
          Components: platforms
            Reporter: Ivan Daschinskiy


When modern openssl is used (i.e  OpenSSL 1.1.1f, which is default for ubuntu 20.04, for example),  provided certificates are not accepted, because use sha1withRsaEncription signature, that is widely considered flaw. So certificates needs to be renewed.

Example error:

{code}
Connecting to 127.0.0.1:11110
140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:310:
Failed to connect :Can not set client certificate file for secure connection: path /home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem

{code}




--
This message was sent by Atlassian Jira
(v8.3.4#803005)