mirror of https://github.com/openvswitch/ovs synced 2025-08-30 05:47:55 +00:00

ovs-pki: Use SHA-512 instead of MD5 as message digest.

This fixes numerous testsuite failures of the form "SSL_connect:
error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message
digest algorithm" on systems that disable MD5 in OpenSSL.  CentOS 7 is one
example.  Presumably it increases security as well for anyone who generates
certificates based on a new configuration created by the new ovs-pki.

Reported-by: Robert Strickler <anomalyst@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Ben Pfaff 2014-09-19 16:17:09 -07:00
parent f2eee18911
commit 9ff33ca75e
3 changed files with 6 additions and 2 deletions


@ -268,6 +268,7 @@ Ralf Heiringhoff ralf@frosty-geek.net
Ram Jothikumar rjothikumar@nicira.com Ram Jothikumar rjothikumar@nicira.com
Ramana Reddy gtvrreddy@gmail.com Ramana Reddy gtvrreddy@gmail.com
Rob Sherwood rob.sherwood@bigswitch.com Rob Sherwood rob.sherwood@bigswitch.com
Robert Strickler anomalyst@gmail.com
Roger Leigh rleigh@codelibre.net Roger Leigh rleigh@codelibre.net
Rogério Vinhal Nunes Rogério Vinhal Nunes
Roman Sokolkov rsokolkov@gmail.com Roman Sokolkov rsokolkov@gmail.com

NEWS

@ -20,6 +20,9 @@ Post-v2.3.0
* "resubmit" actions may now be included in action sets. The resubmit * "resubmit" actions may now be included in action sets. The resubmit
is executed last, and only if the action set has no "output" or "group" is executed last, and only if the action set has no "output" or "group"
action. action.
- ovs-pki: Changed message digest algorithm from MD5 to SHA-512 because
MD5 is no longer secure and some operating systems have started to disable
it in OpenSSL.
- ovsdb-server: New OVSDB protocol extension allows inequality tests on - ovsdb-server: New OVSDB protocol extension allows inequality tests on
"optional scalar" columns. See ovsdb-server(1) for details. "optional scalar" columns. See ovsdb-server(1) for details.
- test-controller has been renamed ovs-testcontroller at request of users - test-controller has been renamed ovs-testcontroller at request of users
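
Review bot: the new ovs-pki entry gives the reason for the change but not what it means for an existing deployment. Certificates that were already signed with MD5 keep that signature and will still be rejected on systems whose OpenSSL disables MD5, so consider adding a sentence saying that such certificates need to be reissued after upgrading.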


@ -1,6 +1,6 @@
#! /bin/sh #! /bin/sh
# Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc. # Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -274,7 +274,7 @@ private_key = $dir/private/cakey.pem# CA private key
RANDFILE = $dir/private/.rand # random number file RANDFILE = $dir/private/.rand # random number file
default_days = 3650 # how long to certify for default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL default_crl_days= 30 # how long before next CRL
default_md = md5 # md to use default_md = sha512 # message digest to use
policy = policy # default policy policy = policy # default policy
email_in_dn = no # Don't add the email into cert DN email_in_dn = no # Don't add the email into cert DN
name_opt = ca_default # Subject name display option name_opt = ca_default # Subject name display option
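
Review bot: at `default_md = sha512`, the new digest only reaches configuration that ovs-pki writes from now on, as the commit message itself notes ("a new configuration created by the new ovs-pki"). A PKI directory initialized by an earlier version keeps `default_md = md5` and goes on signing with MD5. Consider having ovs-pki detect the old value and warn, or documenting that the setting has to be changed by hand in existing configuration.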