You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by va...@apache.org on 2018/07/16 21:03:07 UTC
[couchdb-documentation] branch master updated (4baf07d -> 478c529)
This is an automated email from the ASF dual-hosted git repository.
vatamane pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb-documentation.git.
from 4baf07d Merge pull request #293 from apache/fix/proxox
new 2214469 Add troubleshooting information for FIPS mode and workaround (#1171)
new 478c529 Fix trailing whitespace
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/install/troubleshooting.rst | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
[couchdb-documentation] 01/02: Add troubleshooting information for
FIPS mode and workaround (#1171)
Posted by va...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
vatamane pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb-documentation.git
commit 221446968f2c279b95f6884c322ce05180c8430e
Author: rokek <82...@users.noreply.github.com>
AuthorDate: Mon Jul 16 16:37:02 2018 -0400
Add troubleshooting information for FIPS mode and workaround (#1171)
Fix formatting for troubleshooting FIPS mode error
Fix formatting for troubleshooting FIPS mode error
Fix formatting for troubleshooting FIPS mode error
Fix formatting for troubleshooting FIPS mode error
Fix formatting for troubleshooting FIPS mode error
---
src/install/troubleshooting.rst | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/src/install/troubleshooting.rst b/src/install/troubleshooting.rst
index 408d607..5d17dd4 100644
--- a/src/install/troubleshooting.rst
+++ b/src/install/troubleshooting.rst
@@ -276,6 +276,33 @@ the relevant CouchDB and then compact prior to replicating.
Alternatively, if the number of documents impacted is small, use filtered
replication to exclude only those documents.
+FIPS mode
+---------
+
+Operating systems can be configured to disallow the use of OpenSSL MD5 hash
+functions in order to prevent use of MD5 for cryptographic purposes. CouchDB
+makes use of MD5 hashes for verifying the integrity of data (and not for
+cryptography) and will not run without the ability to use MD5 hashes.
+
+The message below indicates that the operating system is running in "FIPS mode,"
+which among other restrictions does not allow the use of OpenSSL's MD5 funtions:
+
+.. code-block:: text
+
+ md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
+ [os_mon] memory supervisor port (memsup): Erlang has closed
+ [os_mon] cpu supervisor port (cpu_sup): Erlang has closed
+ Aborted
+
+A workaround for this is provided with the ``--erlang-md5`` compile flag. Use of
+the flag results in CouchDB substituting the OpenSSL MD5 function calls with
+equivalent calls to Erlang's built-in library ``erlang:md5.`` NOTE: there may be
+a performance penalty associated with this workaround.
+
+Because CouchDB does not make use of MD5 hashes for cryptographic purposes, this
+workaround does not defeat the purpose of "FIPS mode," provided that the system
+owner is aware of and consents to its use.
+
macOS Known Issues
====================
undefined error, exit_status 134
[couchdb-documentation] 02/02: Fix trailing whitespace
Posted by va...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
vatamane pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb-documentation.git
commit 478c529e94d39c4c3fb23ea46ab198721bc2a782
Author: rokek <82...@users.noreply.github.com>
AuthorDate: Mon Jul 16 16:58:56 2018 -0400
Fix trailing whitespace
---
src/install/troubleshooting.rst | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/install/troubleshooting.rst b/src/install/troubleshooting.rst
index 5d17dd4..b3758c6 100644
--- a/src/install/troubleshooting.rst
+++ b/src/install/troubleshooting.rst
@@ -279,12 +279,12 @@ replication to exclude only those documents.
FIPS mode
---------
-Operating systems can be configured to disallow the use of OpenSSL MD5 hash
-functions in order to prevent use of MD5 for cryptographic purposes. CouchDB
-makes use of MD5 hashes for verifying the integrity of data (and not for
+Operating systems can be configured to disallow the use of OpenSSL MD5 hash
+functions in order to prevent use of MD5 for cryptographic purposes. CouchDB
+makes use of MD5 hashes for verifying the integrity of data (and not for
cryptography) and will not run without the ability to use MD5 hashes.
-The message below indicates that the operating system is running in "FIPS mode,"
+The message below indicates that the operating system is running in "FIPS mode,"
which among other restrictions does not allow the use of OpenSSL's MD5 funtions:
.. code-block:: text
@@ -294,13 +294,13 @@ which among other restrictions does not allow the use of OpenSSL's MD5 funtions:
[os_mon] cpu supervisor port (cpu_sup): Erlang has closed
Aborted
-A workaround for this is provided with the ``--erlang-md5`` compile flag. Use of
-the flag results in CouchDB substituting the OpenSSL MD5 function calls with
+A workaround for this is provided with the ``--erlang-md5`` compile flag. Use of
+the flag results in CouchDB substituting the OpenSSL MD5 function calls with
equivalent calls to Erlang's built-in library ``erlang:md5.`` NOTE: there may be
a performance penalty associated with this workaround.
-Because CouchDB does not make use of MD5 hashes for cryptographic purposes, this
-workaround does not defeat the purpose of "FIPS mode," provided that the system
+Because CouchDB does not make use of MD5 hashes for cryptographic purposes, this
+workaround does not defeat the purpose of "FIPS mode," provided that the system
owner is aware of and consents to its use.
macOS Known Issues