mirror of
https://github.com/postgres/postgres.git
synced 2026-03-10 10:11:28 -04:00
648c72956f
OpenSSL in FIPS mode rejects several encrypted private keys used in the test suites ssl and ssl_passphrase_callback. This is because they are in a "traditional" OpenSSL format that uses MD5 for key generation. The fix is to convert them to the more standard PKCS#8 format that uses SHA1 for key derivation. This commit contains the converted keys, with the conversion done like this: openssl pkcs8 -topk8 -in src/test/modules/ssl_passphrase_callback/server.key -passin pass:FooBaR1 -out src/test/modules/ssl_passphrase_callback/server.key.new -passout pass:FooBaR1 mv src/test/modules/ssl_passphrase_callback/server.key.new src/test/modules/ssl_passphrase_callback/server.key etc., as well as updated build rules to generate the keys in the new format if they need to be regenerated. Reviewed-by: Jacob Champion <jchampion@timescale.com> Discussion: https://www.postgresql.org/message-id/flat/64de784b-8833-e055-3bd4-7420e6675351%40eisentraut.org |
||
|---|---|---|
| .. | ||
| t | ||
| .gitignore | ||
| Makefile | ||
| meson.build | ||
| server.crt | ||
| server.key | ||
| ssl_passphrase_func.c | ||