Joe McDonnell has posted comments on this change. ( http://gerrit.cloudera.org:8080/22910 )

Change subject: PROTOTYPE: Support certificates signed with RSASSA-PSS for 
channel bindings
......................................................................


Patch Set 2:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/22910/2/src/kudu/security/cert.cc
File src/kudu/security/cert.cc:

http://gerrit.cloudera.org:8080/#/c/22910/2/src/kudu/security/cert.cc@200
PS2, Line 200:   OBJ_find_sigid_algs(signature_nid, &digest_nid, NULL);
> I just took a look at OpenSSL 1.0.2 source code and it indeed has NID_rsass
Yeah, I think it is possible to implement similar support for OpenSSL 1.0.2 
with enough transplanted logic. I avoided doing that, because it was a lot of 
transplanted logic and OpenSSL 1.0.2 is used by distributions that are EOL or 
almost EOL. RSASSA-PSS is exotic and the issue that prompted this was on modern 
OpenSSL.

I'll add a better error message for RSASSA-PSS on OpenSSL 1.0.2.



--
To view, visit http://gerrit.cloudera.org:8080/22910

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I26a25a43d778fd2f2fcf293ecb199133c675212b
Gerrit-Change-Number: 22910
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Jason Fehr <[email protected]>
Gerrit-Reviewer: Joe McDonnell <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Mon, 19 May 2025 18:09:53 +0000
Gerrit-HasComments: Yes
