fcf8d547ef
RHEL tools complain about including packages into RHEL 10 if the version in RHEL 10 is older than the version in RHEL 9. So bump the .NET version so we can include it into the compose. Related: RHEL-25950 Related: RHEL-45214
From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001
From: Tom Deseyn <tom.deseyn@gmail.com>
Date: Wed, 28 Feb 2024 14:08:15 +0100
Subject: [PATCH] Allow certificate validation with SHA-1 signatures.
RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate
validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag
with a chain where the last certificate uses a SHA-1 signature.
This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default
OpenSSL behavior for certificate validation.
---
.../libs/System.Security.Cryptography.Native/pal_x509.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
index 04c6ba06cd..2cd3413dae 100644
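--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
+++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5
 
 int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore);
 
- if (val != 0)
- {
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE);
- }
-
 return val;
 }
 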
--
2.43.2