Posted to reviews@kudu.apache.org by "Attila Bukor (Code Review)" <ge...@cloudera.org> on 2020/10/29 15:10:52 UTC

[kudu-CR] KUDU-3210 Disable digest authn in FIPS mode

Hello Alexey Serbin, Kudu Jenkins, Andrew Wong, Grant Henke, Wenzhe Zhou, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/16675

to look at the new patch set (#2).

Change subject: KUDU-3210 Disable digest authn in FIPS mode
......................................................................

KUDU-3210 Disable digest authn in FIPS mode

The webserver supports digest authentication, which is considered
insecure as it's based on MD5. This doesn't comply with FIPS 140-2, so
it needs to be disabled in FIPS approved mode.

Squeasel also used to roll its own MD5 implementation instead of using
OpenSSL's implementation. This commit also bumps the Squeasel version to
the most recent commit that already removes the MD5 implementation in
favor of OpenSSL's one. This is useful in case we need to catch some
other non-FIPS-compliant usages in the future. This new version no
longer supports PROPFIND and MKCOL methods, which we fortunately didn't
use, but string matched the list of supported methods in tests.

Change-Id: I4a446aa8d95a67658c727d3a6f85943d64c79ecf
---
M src/kudu/server/webserver-test.cc
M src/kudu/server/webserver.cc
M thirdparty/vars.sh
3 files changed, 29 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/75/16675/2
-- 
To view, visit http://gerrit.cloudera.org:8080/16675

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I4a446aa8d95a67658c727d3a6f85943d64c79ecf
Gerrit-Change-Number: 16675
Gerrit-PatchSet: 2
Gerrit-Owner: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Grant Henke <gr...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
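
Added example, not part of the Kudu change or of Squeasel: the RFC 2617 response computation, showing that every step of HTTP digest authentication is an MD5 hash, followed by a hypothetical startup check that rejects a digest configuration when FIPS mode is on. The function names, the `fips_mode` flag and the `digest_password_file` parameter are assumptions for illustration; the sample values in the demo are the worked example from RFC 2617 section 3.5.

```python
import hashlib
from typing import Optional


def _md5_hex(text: str) -> str:
    # RFC 2617 digest auth hashes every component with MD5. On a Python build
    # linked against a FIPS-enforcing OpenSSL this call itself raises ValueError.
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user: str, realm: str, password: str, method: str,
                    uri: str, nonce: str, nc: str, cnonce: str,
                    qop: str = "auth") -> str:
    """Compute the RFC 2617 'response' value for qop=auth."""
    ha1 = _md5_hex(f"{user}:{realm}:{password}")   # credentials hash
    ha2 = _md5_hex(f"{method}:{uri}")              # request hash
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class FipsPolicyError(Exception):
    """Raised when the configuration needs a non-approved algorithm."""


def check_webserver_auth(fips_mode: bool,
                         digest_password_file: Optional[str]) -> None:
    """Hypothetical startup check: fail closed instead of silently
    serving MD5-based digest authentication in FIPS approved mode."""
    if fips_mode and digest_password_file:
        raise FipsPolicyError(
            "digest authentication relies on MD5 and is not allowed "
            "in FIPS approved mode; remove the password file setting")


if __name__ == "__main__":
    # Sample values from RFC 2617 section 3.5.
    print(digest_response("Mufasa", "testrealm@host.com", "Circle Of Life",
                          "GET", "/dir/index.html",
                          "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                          "00000001", "0a4f113b"))
    check_webserver_auth(fips_mode=False, digest_password_file="/tmp/htpasswd")
```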