forked from rpms/openssl
SHA-1 signature shouldn't work in normal mode
Resolves: RHEL-36677
This commit is contained in:
parent
09b4e34fcf
commit
7d3d9af0c8
@ -132,7 +132,7 @@ index 630d339c35..6e4e9f5ae7 100644
|
||||
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
||||
+ * because the default on Fedora is to allow SHA-1 and support disabling
|
||||
+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
|
||||
+ ldsigs->allowed = 1;
|
||||
+ ldsigs->allowed = 0;
|
||||
+ return ldsigs;
|
||||
+}
|
||||
+
|
||||
@ -161,7 +161,7 @@ index 630d339c35..6e4e9f5ae7 100644
|
||||
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
||||
+ * because the default on Fedora is to allow SHA-1 and support disabling
|
||||
+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
|
||||
+ return ldsigs != NULL ? ldsigs->allowed : 1;
|
||||
+ return ldsigs != NULL ? ldsigs->allowed : 0;
|
||||
+}
|
||||
+
|
||||
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
|
||||
|
@ -506,6 +506,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
|
||||
* Wed Jul 10 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-7
|
||||
- Disallow SHA1 at SECLEVEL2 in OpenSSL
|
||||
Resolves: RHEL-39962
|
||||
- SHA-1 signature shouldn't work in normal mode
|
||||
Resolves: RHEL-36677
|
||||
|
||||
* Mon Jul 01 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-6
|
||||
- Do not install ENGINE headers, man pages, and define OPENSSL_NO_ENGINE
|
||||
|
Loading…
Reference in New Issue
Block a user