On 08/29/2017 05:25 PM, Daniel P. Berrange wrote: > With gnutls 3.6.0, SHA1 is no longer accepted for certificate > signatures. We must usw SHA256 instead. > > Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> > --- > tests/virnettlshelpers.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tests/virnettlshelpers.c b/tests/virnettlshelpers.c > index 531d0b907..b735c4e2f 100644 > --- a/tests/virnettlshelpers.c > +++ b/tests/virnettlshelpers.c > @@ -384,7 +384,7 @@ testTLSGenerateCert(struct testTLSCertReq *req, > * If no 'ca' is set then we are self signing > * the cert. This is done for the root CA certs > */ > - if ((err = gnutls_x509_crt_sign(crt, ca ? ca : crt, privkey)) < 0) { > + if ((err = gnutls_x509_crt_sign2(crt, ca ? ca : crt, privkey, GNUTLS_DIG_SHA256, 0)) < 0) { > VIR_WARN("Failed to sign certificate %s", gnutls_strerror(err)); > abort(); > } > ACK and safe for the freeze. Michal -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list