msg digest changes to add Ben's (blp) patch get reverted.

utilities/ovs-pki
utilities/ovs-pki.in
openvswitch-2.3.0/tests/pki/controllerca/ca.cnf
openvswitch-2.3.0/tests/pki/switchca/ca.cnf

files where default_md is assigned all revert after:

(cd ~/rpmbuild/BUILD/openvswitch-2.3.0 && make clean && rpmbuild -bb rhel/openvswitch.spec)

Anyone know what the correct file to change is to have it propagate?

revert as well *

On Thu, Sep 18, 2014 at 10:09 PM, Ben Pfaff <b...@nicira.com> wrote:
> This fixes numerous testsuite failures of the form "SSL_connect: > error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message > digest algorithm" on systems that disable MD5 in OpenSSL. Centos 7 is one > example. Presumably it increases security as well for anyone who generates > certificates based on a new configuration created by the new ovs-pki. > > Reported-by: Robert Strickler <anomal...@gmail.com> > Signed-off-by: Ben Pfaff <b...@nicira.com> > --- > AUTHORS | 1 + > NEWS | 3 +++ > utilities/ovs-pki.in | 4 ++-- > 3 files changed, 6 insertions(+), 2 deletions(-) > > diff --git a/AUTHORS b/AUTHORS > index e3fe7ba..47bbd82 100644 > --- a/AUTHORS > +++ b/AUTHORS > @@ -268,6 +268,7 @@ Ralf Heiringhoff r...@frosty-geek.net > Ram Jothikumar rjothiku...@nicira.com > Ramana Reddy gtvrre...@gmail.com > Rob Sherwood rob.sherw...@bigswitch.com > +Robert Strickler anomal...@gmail.com > Roger Leigh rle...@codelibre.net > Rogério Vinhal Nunes > Roman Sokolkov rsokol...@gmail.com > diff --git a/NEWS b/NEWS > index 6cbb315..f9ea90f 100644 > --- a/NEWS > +++ b/NEWS > @@ -20,6 +20,9 @@ Post-v2.3.0 > * "resubmit" actions may now be included in action sets. The > resubmit > is executed last, and only if the action set has no "output" or > "group" > action. > + - ovs-pki: Changed message digest algorithm from MD5 to SHA-512 because > + MD5 is no longer secure and some operating systems have started to > disable > + it in OpenSSL. > - ovsdb-server: New OVSDB protocol extension allows inequality tests on > "optional scalar" columns. See ovsdb-server(1) for details. > - test-controller has been renamed ovs-testcontroller at request of > users 
> diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in > index 6081a5e..8745355 100755 > --- a/utilities/ovs-pki.in > +++ b/utilities/ovs-pki.in > @@ -1,6 +1,6 @@ > #! /bin/sh > > -# Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc. > +# Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc. > # > # Licensed under the Apache License, Version 2.0 (the "License"); > # you may not use this file except in compliance with the License. > @@ -274,7 +274,7 @@ private_key = $dir/private/cakey.pem# CA private key > RANDFILE = $dir/private/.rand # random number file > default_days = 3650 # how long to certify for > default_crl_days= 30 # how long before next CRL > -default_md = md5 # md to use > +default_md = sha512 # md to use > policy = policy # default policy > email_in_dn = no # Don't add the email into cert DN > name_opt = ca_default # Subject name display option > -- > 1.9.1
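
Review bot: The NEWS entry added under Post-v2.3.0 does not say that the new digest applies only to a configuration newly created by ovs-pki, which is how the commit message scopes the change. Suggest adding a sentence telling users who already have a PKI that their existing CA configuration still has default_md set to md5 and has to be edited by hand; otherwise a reader will assume that upgrading alone moves them off MD5.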
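
Review bot: In the @@ -274,7 +274,7 @@ hunk of utilities/ovs-pki.in, the switch to "default_md = sha512" lands only in the CA configuration text that the script writes out, so a PKI directory initialized before this change keeps md5 and goes on signing certificates with it. Since the commit message cites systems where OpenSSL rejects MD5 outright, consider having ovs-pki check an existing configuration for "default_md = md5" and print a warning, or at minimum state in the commit message that previously generated PKI directories (including a stale test PKI) must be regenerated.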