SHA-1 signature shouldn't work in normal mode
Resolves: RHEL-36677
parent
09b4e34fcf
commit
7d3d9af0c8
@ -132,7 +132,7 @@ index 630d339c35..6e4e9f5ae7 100644
|
|||||||
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
||||||
+ * because the default on Fedora is to allow SHA-1 and support disabling
|
+ * because the default on Fedora is to allow SHA-1 and support disabling
|
||||||
+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
|
+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
|
||||||
+ ldsigs->allowed = 1;
|
+ ldsigs->allowed = 0;
|
||||||
+ return ldsigs;
|
+ return ldsigs;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
@ -161,7 +161,7 @@ index 630d339c35..6e4e9f5ae7 100644
|
|||||||
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
||||||
+ * because the default on Fedora is to allow SHA-1 and support disabling
|
+ * because the default on Fedora is to allow SHA-1 and support disabling
|
||||||
+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
|
+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
|
||||||
+ return ldsigs != NULL ? ldsigs->allowed : 1;
|
+ return ldsigs != NULL ? ldsigs->allowed : 0;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
|
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
|
||||||
|
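Review bot: The warning comment kept above `ldsigs->allowed = 0;` (and again above `return ldsigs != NULL ? ldsigs->allowed : 0;` in the second hunk) still says this build allows SHA-1 by default and only supports disabling it, which contradicts the new defaults of 0 in both places. A stale comment on a signature-policy default can lead a later rebase or audit to the wrong conclusion about which behaviour is intended, so it should be reworded in both hunks, for example `/* Legacy (SHA-1) digest signatures are disallowed by default; ossl_ctx_legacy_digest_signatures_allowed_set() can enable them. */`. The new fallback for a NULL `ldsigs` fails closed, and a short comment saying that this is deliberate would help, since a missing context entry now rejects SHA-1 signatures rather than accepting them. Both functions begin outside the visible hunks, so this assumes nothing else in their bodies depends on the old default.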
@ -506,6 +506,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
|
|||||||
* Wed Jul 10 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-7
|
* Wed Jul 10 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-7
|
||||||
- Disallow SHA1 at SECLEVEL2 in OpenSSL
|
- Disallow SHA1 at SECLEVEL2 in OpenSSL
|
||||||
Resolves: RHEL-39962
|
Resolves: RHEL-39962
|
||||||
|
- SHA-1 signature shouldn't work in normal mode
|
||||||
|
Resolves: RHEL-36677
|
||||||
|
|
||||||
* Mon Jul 01 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-6
|
* Mon Jul 01 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-6
|
||||||
- Do not install ENGINE headers, man pages, and define OPENSSL_NO_ENGINE
|
- Do not install ENGINE headers, man pages, and define OPENSSL_NO_ENGINE
|
||||||
|