Hi Stephen,
Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
On Wed, Apr 6, 2022 at 10:43 AM Stephen Gallagher <sgallagh@xxxxxxxxxx>
wrote:
I put together a potential solution for testing this in ELN and
submitted an MR:
https://src.fedoraproject.org/rpms/crypto-policies/pull-request/10
It's a little bit heavy-handed of an approach, but it should work.
Please keep in mind that Fedora’s openssl package currently does not have
the patches that introduce the rh-allow-sha1-signatures option that would be
required to do this. Merging your pull request without this change will
cause all binaries that use OpenSSL 3.x (1.1 will ignore it) to fail to
start.
See https://bugzilla.redhat.com/show_bug.cgi?id=2070977 which tracks
implementing this. If you want to disable SHA-1 by default in ELN, we should
probably also have an option to re-enable it using an environment variable
for package build and test execution purposes. I’ll start working on this
now.
--
Clemens Lang
RHEL Crypto Team
Red Hat
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure