[ovs-dev] Bug#828478: [PATCH v2] ovs-pki: Use SHA-512 instead of SHA-1 as message digest.

Adrian Bunk bunk at stusta.de
Sat Nov 12 11:14:45 UTC 2016


On Fri, Jul 22, 2016 at 01:28:19PM -0700, Ben Pfaff wrote:
> On Wed, Jul 13, 2016 at 10:06:53PM -0500, Ryan Moats wrote:
> > "dev" <dev-bounces at openvswitch.org> wrote on 07/01/2016 08:05:40 PM:
> > 
> > > From: Ben Pfaff <blp at ovn.org>
> > > To: dev at openvswitch.org
> > > Cc: Ben Pfaff <blp at ovn.org>, Kurt Roeckx <kurt at roeckx.be>,
> > > 828478 at bugs.debian.org
> > > Date: 07/01/2016 08:06 PM
> > > Subject: [ovs-dev] [PATCH v2] ovs-pki: Use SHA-512 instead of SHA-1
> > > as message digest.
> > > Sent by: "dev" <dev-bounces at openvswitch.org>
> > >
> > > The upcoming OpenSSL 1.1.0 release disables use of SHA-1, which breaks
> > the
> > > OVS unit tests, which use SHA-1.  We last tried to switch to SHA-512 in
> > > 2014 with commit 9ff33ca75e9fcc ("ovs-pki: Use SHA-512 instead of MD5 as
> > > message digest."), but we had to downgrade to SHA-1 in commit
> > 4a1f9610682d
> > > ("ovs-pki: Use SHA-1 instead of SHA-512 as message digest.") because
> > > XenServer did not support SHA-512.  It has been a few years, so let's try
> > > again.
> > >
> > > CC: 828478 at bugs.debian.org
> > > Reported-at: https://bugs.debian.org/828478
> > > Reported-by: Kurt Roeckx <kurt at roeckx.be>
> > > Signed-off-by: Ben Pfaff <blp at ovn.org>
> > > ---
> > 
> > I'm sorta surprised there's been no action on this...
> > 
> > I admit that I don't have XenServer to test against, but
> > if they still aren't supporting SHA-512, then this would be
> > another good reason for them to do so...
> > 
> > Acked-by: Ryan Moats <rmoats at us.ibm.com>
> 
> Thanks for the review, I applied this to master and branch-2.5.
> 
> Now I need to do a new Debian upload.

Building openvswitch in unstable with libssl-dev 1.1.0c-1 works for me,
even though 2.5.1~pre+git20160626-2 is older than your comment.

Is the version in unstable recent enough and this bug should be closed,
or is there anything pending to be uploaded?

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed



More information about the dev mailing list