Convert encrypted SSL test keys to PKCS#8 format
Peter Eisentraut <peter@eisentraut.org>
Convert encrypted SSL test keys to PKCS#8 format OpenSSL in FIPS mode rejects several encrypted private keys used in the test suites ssl and ssl_passphrase_callback. This is because they are in a "traditional" OpenSSL format that uses MD5 for key generation. The fix is to convert them to the more standard PKCS#8 format that uses SHA1 for key derivation. This commit contains the converted keys, with the conversion done like this: openssl pkcs8 -topk8 -in src/test/modules/ssl_passphrase_callback/server.key -passin pass:FooBaR1 -out src/test/modules/ssl_passphrase_callback/server.key.new -passout pass:FooBaR1 mv src/test/modules/ssl_passphrase_callback/server.key.new src/test/modules/ssl_passphrase_callback/server.key etc., as well as updated build rules to generate the keys in the new format if they need to be regenerated. Reviewed-by: Jacob Champion <jchampion@timescale.com> Discussion: https://www.postgresql.org/message-id/flat/64de784b-8833-e055-3bd4-7420e6675351%40eisentraut.org
Files
| Path | Change | +/− |
|---|---|---|
| src/test/modules/ssl_passphrase_callback/Makefile | modified | +1 −1 |
| src/test/modules/ssl_passphrase_callback/meson.build | modified | +1 −1 |
| src/test/modules/ssl_passphrase_callback/server.key | modified | +30 −30 |
| src/test/ssl/ssl/client-encrypted-pem.key | modified | +30 −30 |
| src/test/ssl/sslfiles.mk | modified | +2 −2 |
| src/test/ssl/ssl/server-password.key | modified | +30 −30 |
Discussion
- Convert encrypted SSL test keys to PKCS#8 format 3 messages · 2023-08-22 → 2023-08-28