On Wed, 10 Aug 2016 at 2:37pm, Joshua Baker-LePain wrote
08/10/2016 14:01:12|listen|head7|E|commlib error: ssl accept error (ssl
accept error for client "head7")
08/10/2016 14:01:12|listen|head7|E|commlib error: ssl error ([ID=d0c50a1] in
module "asn1 encoding routines": "unknown message digest algorithm")
I see a few other reports of this in the list archives, but no solution. Can
this be made to work? Thanks.
Just in case *anyone* else ever wants to do this, the fix is rather
simple. The SSL certs created by sge_ca default to "Signature Algorithm:
md5WithRSAEncryption". Obviously this has been deprecated in the version
of openssl that ships with CentOS-7. I simply edited
$SGE_ROOT/util/sgeCA/sge_ca and changed a single line (line 1887) from
md="-md md5"
to
md="-md sha256"
Now the certs have "Signature Algorithm: sha256WithRSAEncryption" and
sge_qmaster fires right up.
Is it worth reporting this to sge-bugs? Or is CSP on the way to being
deprecated?
--
Joshua Baker-LePain
QB3 Shared Cluster Sysadmin
UCSF
_______________________________________________
users mailing list
[email protected]
https://gridengine.org/mailman/listinfo/users
