Convert encrypted SSL test keys to PKCS#8 format
OpenSSL in FIPS mode rejects several encrypted private keys used in
the test suites ssl and ssl_passphrase_callback. This is because they
are in a "traditional" OpenSSL format that uses MD5 for key
generation. The fix is to convert them to the more standard PKCS#8
format that uses SHA1 for key derivation.
This commit contains the converted keys, with the conversion done like
this:
openssl pkcs8 -topk8 -in src/test/modules/ssl_passphrase_callback/server.key -passin pass:FooBaR1 -out
src/test/modules/ssl_passphrase_callback/server.key.new-passout pass:FooBaR1
mv src/test/modules/ssl_passphrase_callback/server.key.new src/test/modules/ssl_passphrase_callback/server.key
etc., as well as updated build rules to generate the keys in the new
format if they need to be regenerated.
Reviewed-by: Jacob Champion <jchampion@timescale.com>
Discussion: https://www.postgresql.org/message-id/flat/64de784b-8833-e055-3bd4-7420e6675351%40eisentraut.org
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/648c72956f980771c5a3686ee68c5e2c5b62a534
Modified Files
--------------
src/test/modules/ssl_passphrase_callback/Makefile | 2 +-
.../modules/ssl_passphrase_callback/meson.build | 2 +-
.../modules/ssl_passphrase_callback/server.key | 60 +++++++++++-----------
src/test/ssl/ssl/client-encrypted-pem.key | 60 +++++++++++-----------
src/test/ssl/ssl/server-password.key | 60 +++++++++++-----------
src/test/ssl/sslfiles.mk | 4 +-
6 files changed, 94 insertions(+), 94 deletions(-)