From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
---|---|
To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | pgsql: Convert encrypted SSL test keys to PKCS#8 format |
Date: | 2023-08-28 05:38:28 |
Message-ID: | E1qaUxH-001IXG-L4@gemulon.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Convert encrypted SSL test keys to PKCS#8 format
OpenSSL in FIPS mode rejects several encrypted private keys used in
the test suites ssl and ssl_passphrase_callback. This is because they
are in a "traditional" OpenSSL format that uses MD5 for key
generation. The fix is to convert them to the more standard PKCS#8
format that uses SHA1 for key derivation.
This commit contains the converted keys, with the conversion done like
this:
openssl pkcs8 -topk8 -in src/test/modules/ssl_passphrase_callback/server.key -passin pass:FooBaR1 -out src/test/modules/ssl_passphrase_callback/server.key.new -passout pass:FooBaR1
mv src/test/modules/ssl_passphrase_callback/server.key.new src/test/modules/ssl_passphrase_callback/server.key
etc., as well as updated build rules to generate the keys in the new
format if they need to be regenerated.
Reviewed-by: Jacob Champion <jchampion(at)timescale(dot)com>
Discussion: https://www.postgresql.org/message-id/flat/64de784b-8833-e055-3bd4-7420e6675351%40eisentraut.org
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/648c72956f980771c5a3686ee68c5e2c5b62a534
Modified Files
--------------
src/test/modules/ssl_passphrase_callback/Makefile | 2 +-
.../modules/ssl_passphrase_callback/meson.build | 2 +-
.../modules/ssl_passphrase_callback/server.key | 60 +++++++++++-----------
src/test/ssl/ssl/client-encrypted-pem.key | 60 +++++++++++-----------
src/test/ssl/ssl/server-password.key | 60 +++++++++++-----------
src/test/ssl/sslfiles.mk | 4 +-
6 files changed, 94 insertions(+), 94 deletions(-)
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2023-08-28 07:28:40 | pgsql: Translation updates |
Previous Message | Michael Paquier | 2023-08-28 05:28:02 | pgsql: Tighten unit parsing in internal values |