Commit 9ff33ca7 (ovs-pki: Use SHA-512 instead of MD5 as message
digest.) changes the message digest algorithm to SHA-512.  This
seems to break the unit tests on some xenserver 5.6/6.0 builds
causing the error: "SSL_connect: error:0D0C50A1:asn1 encoding
routines:ASN1_item_verify:unknown message digest algorithm".

As a solution, this commit changes the message digest algorithm
to SHA-1 which works for both the above xenserver builds and
centos 7.

VMware-BZ: #1319116

Acked-by: Alex Wang <al...@nicira.com>
---
 NEWS                 |    2 +-
 utilities/ovs-pki.in |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index f9ea90f..a8bd45b 100644
--- a/NEWS
+++ b/NEWS
@@ -20,7 +20,7 @@ Post-v2.3.0
      * "resubmit" actions may now be included in action sets.  The resubmit
        is executed last, and only if the action set has no "output" or "group"
        action.
-   - ovs-pki: Changed message digest algorithm from MD5 to SHA-512 because
+   - ovs-pki: Changed message digest algorithm from MD5 to SHA-1 because
      MD5 is no longer secure and some operating systems have started to disable
      it in OpenSSL.
    - ovsdb-server: New OVSDB protocol extension allows inequality tests on
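Review bot: The rewritten NEWS entry on the "+" line still gives only "MD5 is no longer secure" as the rationale, which does not explain why the new digest is SHA-1 rather than something stronger. The actual reason is in the commit message (SHA-512 fails with "unknown message digest algorithm" on some xenserver 5.6/6.0 builds), so consider saying so in the entry, for example by adding "SHA-1 was chosen for compatibility with older OpenSSL builds" after the existing sentence, so that users reading NEWS do not take SHA-1 as the preferred choice on its merits.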
diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
index 510f811..4705178 100755
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@@ -274,7 +274,7 @@ private_key    = $dir/private/cakey.pem# CA private key
 RANDFILE       = $dir/private/.rand    # random number file
 default_days   = 3650                  # how long to certify for
 default_crl_days= 30                   # how long before next CRL
-default_md     = sha512                # message digest to use
+default_md     = sha1                  # message digest to use
 policy         = policy                # default policy
 email_in_dn    = no                    # Don't add the email into cert DN
 name_opt       = ca_default            # Subject name display option
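Review bot: The "default_md = sha1" line hard-codes the weaker digest for every platform to accommodate a few xenserver builds, and with "default_days = 3650" in the same section the certificates signed this way stay valid for ten years. Consider making the digest selectable (a command-line option or a substitution in ovs-pki.in) so that hosts whose OpenSSL handles sha512 can keep it, with sha1 only as the fallback. At minimum, extend the trailing comment "# message digest to use" to record that sha1 is there for compatibility with older OpenSSL, so the value is revisited once those builds are no longer supported.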
-- 
1.7.9.5
