On systems with OpenSSL sha1 disabled, the sign-verify.test fails:
- openssl dgst -sha1 sha1.txt
- openssl dgst -sha1 -sign test-rsa1024.key -hex sha1.txt
Error setting context
804BD5CF787F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:343:
sha1 (test-rsa1024.key) test is skipped (openssl is unable to sign)
Instead of enabling sha1 support on these systems by setting the environment
variable OPENSSL_ENABLE_SHA1_SIGNATURES, generate a sha256 certificate.
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
tests/gen-keys.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh
index 1a6c22a2f3c4..8905cdf2d216 100755
--- a/tests/gen-keys.sh
+++ b/tests/gen-keys.sh
@@ -71,7 +71,7 @@ for m in 1024 1024_skid 2048; do
ext=
fi
if [ ! -e test-rsa$m.key ]; then
- log openssl req -verbose -new -nodes -utf8 -sha1 -days 10000 -batch -x509 $ext \
+ log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 $ext \
-config test-ca.conf \
-newkey rsa:$bits \
-out test-rsa$m.cer -outform DER \
@@ -93,7 +93,7 @@ for curve in prime192v1 prime256v1; do
continue
fi
if [ ! -e test-$curve.key ]; then
- log openssl req -verbose -new -nodes -utf8 -sha1 -days 10000 -batch -x509 \
+ log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 \
-config test-ca.conf \
-newkey ec \
-pkeyopt ec_paramgen_curve:$curve \
--
2.31.1
