OpenStack Identity (keystone)

pki_setup on OpenSSL 0.9.x aborts

Bug #1209249 reported by Dirk Mueller on 2013-08-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Low	Dirk Mueller	OpenStack Identity (keystone) 2013.2 "havana"

Bug Description

when running keystone-manage pki_setup on an older openssl installation, it aborts with the error message:

subprocess.CalledProcessError: Command '['openssl', 'ca', '-batch',
'-out', '/etc/keystone/ssl/certs/signing_cert.pem', '-config',
'/etc/keystone/ssl/certs/openssl.conf', '-days', '3650d', '-cert',
'/etc/keystone/ssl/certs/ca.pem', '-keyfile',
'/etc/keystone/ssl/certs/cakey.pem', '-infiles',
'/etc/keystone/ssl/certs/req.pem']' returned non-zero exit status 1
default is an unsupported message digest type

The reason is that support for a "default" message digest type was only added in recent openssl versions. it seems to be good enough to check for OpenSSL 1.0 to differentiate between old and new OpenSSL versions.

OpenStack Infra (hudson-openstack) on 2013-08-07

Changed in keystone:
assignee:	nobody → Dirk Mueller (dmllr)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-08-13: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/36326
Committed: http://github.com/openstack/keystone/commit/837b26084dfbf87ac394fc34fad2cb7c8bfbc117
Submitter: Jenkins
Branch: master

commit 837b26084dfbf87ac394fc34fad2cb7c8bfbc117
Author: Dirk Mueller <email address hidden>
Date: Tue Jul 9 21:20:27 2013 +0200

Make pki_setup work with OpenSSL 0.9.x

    Support for "default" in default_md was only added
    in "recent" OpenSSL versions. Use sha1 (which is what
    "default" maps to anyway) for older openssl versions.

Also sync the generated openssl config file with
the defaults from OpenSSL 1.0 and newer.

Fixes: LP Bug #1209249
Change-Id: I4ba79dbfdfc2df81cfb0f1edde23d3fbc1384637

Changed in keystone:
status:	In Progress → Fix Committed

Dolph Mathews (dolph) on 2013-08-20

Changed in keystone:
importance:	Undecided → Low

Thierry Carrez (ttx) on 2013-09-05

Changed in keystone:
milestone:	none → havana-3
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-10-17

Changed in keystone:
milestone:	havana-3 → 2013.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.