yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1209249] Re: pki_setup on OpenSSL 0.9.x aborts

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 05 Sep 2013 09:26:32 -0000
Reply-to: Bug 1209249 <1209249@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => havana-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1209249

Title:
  pki_setup on OpenSSL 0.9.x aborts

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  when running keystone-manage pki_setup on an older openssl
  installation, it aborts with the error message:

  subprocess.CalledProcessError: Command '['openssl', 'ca', '-batch',
  '-out', '/etc/keystone/ssl/certs/signing_cert.pem', '-config',
  '/etc/keystone/ssl/certs/openssl.conf', '-days', '3650d', '-cert',
  '/etc/keystone/ssl/certs/ca.pem', '-keyfile',
  '/etc/keystone/ssl/certs/cakey.pem', '-infiles',
  '/etc/keystone/ssl/certs/req.pem']' returned non-zero exit status 1
  default is an unsupported message digest type

  The reason is that support for a "default" message digest type was
  only added in recent openssl versions. it seems to be good enough to
  check for OpenSSL 1.0 to differentiate between old and new OpenSSL
  versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1209249/+subscriptions