Delete unnecessary use of openssl legacy mode

- As the original PR (#66) and commit message explain, this legacy mode is only needed when using java 8. Since we have upgrade to java 17. This legacy mode is no longer needed. [#186629315]
pivotal · Dec 22, 2023 · 15759b2 · 15759b2
1 parent 2119c87
commit 15759b2
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 9 deletions.
diff --git a/jobs/credhub/templates/init_key_stores.erb b/jobs/credhub/templates/init_key_stores.erb
@@ -51,13 +51,6 @@ cat > ${PRIVATE_KEY_FILE} <<EOL
 <%= p('credhub.tls.private_key') %>
 EOL
 
-# legacy option is needed for openssl 3 + openjdk8 see https://github.com/pivotal/credhub-release/issues/65
-if openssl version | grep -q 3.0; then
-  LEGACY="-legacy"
-else
-  LEGACY=""
-fi
-
 # Use Fips 140-2 compatible encryption algorithm
 if [ -f "/proc/sys/crypto/fips_enabled" ]; then
   FIPS_OPTS="-certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES"
@@ -68,7 +61,7 @@ fi
 
 
 if [ -s ${CERT_FILE} ]; then
-    RANDFILE=/etc/sv/monit/.rnd openssl pkcs12 ${LEGACY} -export -in ${CERT_FILE} ${FIPS_OPTS} -inkey ${PRIVATE_KEY_FILE} -out cert.p12 -name ${CERT_ALIAS} \
+    RANDFILE=/etc/sv/monit/.rnd openssl pkcs12 -export -in ${CERT_FILE} ${FIPS_OPTS} -inkey ${PRIVATE_KEY_FILE} -out cert.p12 -name ${CERT_ALIAS} \
             -password pass:k0*l*s3cur1tyr0ck$
 
     ${JAVA_HOME}/bin/keytool -importkeystore \

diff --git a/spec/credhub/init_key_stores_spec.rb b/spec/credhub/init_key_stores_spec.rb
@@ -34,7 +34,7 @@
 
       it 'loads the TLS certificate' do
         script = template.render(manifest)
-        expect(script).to include('openssl pkcs12 ${LEGACY} -export -in')
+        expect(script).to include('openssl pkcs12 -export -in')
       end
 
       context 'when trusted CAs are provided' do