diff options
| author | Peter Eisentraut <peter@eisentraut.org> | 2023-08-22 09:26:36 +0200 |
|---|---|---|
| committer | Peter Eisentraut <peter@eisentraut.org> | 2023-08-28 07:37:43 +0200 |
| commit | 648c72956f980771c5a3686ee68c5e2c5b62a534 (patch) | |
| tree | 8bbc7ecb1dbb4a1324076d671d9cba5e0fc2b282 /src/backend/parser/parse_utilcmd.c | |
| parent | 617f9b7d4b10fec00a86802eeb34d7295c52d747 (diff) | |
| download | postgresql-648c72956f980771c5a3686ee68c5e2c5b62a534.tar.gz postgresql-648c72956f980771c5a3686ee68c5e2c5b62a534.zip | |
Convert encrypted SSL test keys to PKCS#8 format
OpenSSL in FIPS mode rejects several encrypted private keys used in
the test suites ssl and ssl_passphrase_callback. This is because they
are in a "traditional" OpenSSL format that uses MD5 for key
generation. The fix is to convert them to the more standard PKCS#8
format that uses SHA1 for key derivation.
This commit contains the converted keys, with the conversion done like
this:
openssl pkcs8 -topk8 -in src/test/modules/ssl_passphrase_callback/server.key -passin pass:FooBaR1 -out src/test/modules/ssl_passphrase_callback/server.key.new -passout pass:FooBaR1
mv src/test/modules/ssl_passphrase_callback/server.key.new src/test/modules/ssl_passphrase_callback/server.key
etc., as well as updated build rules to generate the keys in the new
format if they need to be regenerated.
Reviewed-by: Jacob Champion <jchampion@timescale.com>
Discussion: https://www.postgresql.org/message-id/flat/64de784b-8833-e055-3bd4-7420e6675351%40eisentraut.org
Diffstat (limited to 'src/backend/parser/parse_utilcmd.c')
0 files changed, 0 insertions, 0 deletions