Thread: pgsql: Convert encrypted SSL test keys to PKCS#8 format
Convert encrypted SSL test keys to PKCS#8 format OpenSSL in FIPS mode rejects several encrypted private keys used in the test suites ssl and ssl_passphrase_callback. This is because they are in a "traditional" OpenSSL format that uses MD5 for key generation. The fix is to convert them to the more standard PKCS#8 format that uses SHA1 for key derivation. This commit contains the converted keys, with the conversion done like this: openssl pkcs8 -topk8 -in src/test/modules/ssl_passphrase_callback/server.key -passin pass:FooBaR1 -out src/test/modules/ssl_passphrase_callback/server.key.new-passout pass:FooBaR1 mv src/test/modules/ssl_passphrase_callback/server.key.new src/test/modules/ssl_passphrase_callback/server.key etc., as well as updated build rules to generate the keys in the new format if they need to be regenerated. Reviewed-by: Jacob Champion <jchampion@timescale.com> Discussion: https://www.postgresql.org/message-id/flat/64de784b-8833-e055-3bd4-7420e6675351%40eisentraut.org Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/648c72956f980771c5a3686ee68c5e2c5b62a534 Modified Files -------------- src/test/modules/ssl_passphrase_callback/Makefile | 2 +- .../modules/ssl_passphrase_callback/meson.build | 2 +- .../modules/ssl_passphrase_callback/server.key | 60 +++++++++++----------- src/test/ssl/ssl/client-encrypted-pem.key | 60 +++++++++++----------- src/test/ssl/ssl/server-password.key | 60 +++++++++++----------- src/test/ssl/sslfiles.mk | 4 +- 6 files changed, 94 insertions(+), 94 deletions(-)