Uploaded image for project: 'Ignite'
  1. Ignite
  2. IGNITE-13042

Update SSL certificates in C++ test suites to more secure signature

    XMLWordPrintableJSON

Details

    • Test
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.8.1
    • 2.9
    • platforms
    • None

    Description

      When modern openssl is used (i.e OpenSSL 1.1.1f, which is default for ubuntu 20.04, for example), provided certificates are not accepted, because Sha1WithRSAEncryption signature is used, that is widely considered flaw. So certificates needs to be renewed (i.e. with sha256WithRSAEncryption signature)

      Example error:

      Connecting to 127.0.0.1:11110
140246535644992:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:310:
Failed to connect :Can not set client certificate file for secure connection: path /home/ivandasch/ignite/modules/platforms/cpp/thin-client-test/config/ssl/client_full.pem

      Affected ignite-odbc-tests and ignite-thin-client-tests

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #7954

          Activity

            People

              isapego Igor Sapego
              ivandasch Ivan Daschinsky
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m