You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Ivan Daschinskiy (Jira)" <ji...@apache.org> on 2020/05/20 13:28:00 UTC
[jira] [Created] (IGNITE-13042) Update SSL certificates in C++ test
suites to more secure signature
Ivan Daschinskiy created IGNITE-13042:
-----------------------------------------
Summary: Update SSL certificates in C++ test suites to more secure signature
Key: IGNITE-13042
URL: https://issues.apache.org/jira/browse/IGNITE-13042
Project: Ignite
Issue Type: Test
Components: platforms
Reporter: Ivan Daschinskiy
When modern openssl is used (i.e OpenSSL 1.1.1f, which is default for ubuntu 20.04, for example), provided certificates are not accepted, because use sha1withRsaEncription signature, that is widely considered flaw. So certificates needs to be renewed.
Example error:
{code}
Connecting to 127.0.0.1:11110
140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:310:
Failed to connect :Can not set client certificate file for secure connection: path /home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)