pki_setup on OpenSSL 0.9.x aborts
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Low
|
Dirk Mueller |
Bug Description
when running keystone-manage pki_setup on an older openssl installation, it aborts with the error message:
subprocess.
'-out', '/etc/keystone/
'/etc/keystone/
'/etc/keystone/
'/etc/keystone/
'/etc/keystone/
default is an unsupported message digest type
The reason is that support for a "default" message digest type was only added in recent openssl versions. it seems to be good enough to check for OpenSSL 1.0 to differentiate between old and new OpenSSL versions.
Changed in keystone: | |
assignee: | nobody → Dirk Mueller (dmllr) |
status: | New → In Progress |
Changed in keystone: | |
importance: | Undecided → Low |
Changed in keystone: | |
milestone: | none → havana-3 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | havana-3 → 2013.2 |
Reviewed: https:/ /review. openstack. org/36326 github. com/openstack/ keystone/ commit/ 837b26084dfbf87 ac394fc34fad2cb 7c8bfbc117
Committed: http://
Submitter: Jenkins
Branch: master
commit 837b26084dfbf87 ac394fc34fad2cb 7c8bfbc117
Author: Dirk Mueller <email address hidden>
Date: Tue Jul 9 21:20:27 2013 +0200
Make pki_setup work with OpenSSL 0.9.x
Support for "default" in default_md was only added
in "recent" OpenSSL versions. Use sha1 (which is what
"default" maps to anyway) for older openssl versions.
Also sync the generated openssl config file with
the defaults from OpenSSL 1.0 and newer.
Fixes: LP Bug #1209249 81cfb0f1edde23d 3fbc1384637
Change-Id: I4ba79dbfdfc2df