diff --git a/0001-Fix-certificate-signature-algorithm-not-valid-904.patch b/0001-Fix-certificate-signature-algorithm-not-valid-904.patch new file mode 100644 index 0000000..7eb039a --- /dev/null +++ b/0001-Fix-certificate-signature-algorithm-not-valid-904.patch @@ -0,0 +1,48 @@ +From 8df7456ada0da95cfbaef4b4b8ecf4487f586c1b Mon Sep 17 00:00:00 2001 +From: Marco Fargetta +Date: Fri, 11 Nov 2022 10:15:32 +0100 +Subject: [PATCH] Fix certificate signature algorithm not valid (#904) + +--- + .../java/org/mozilla/jss/tests/GenerateTestCert.java | 9 +++++++-- + src/test/java/org/mozilla/jss/tests/SSLClientAuth.java | 4 ++-- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java b/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java +index 7af6125a2..623fe8385 100755 +--- a/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java ++++ b/src/test/java/org/mozilla/jss/tests/GenerateTestCert.java +@@ -302,8 +302,13 @@ public class GenerateTestCert { + int rand, + SEQUENCE extensions) throws Exception { + +- AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(sigAlg.toOID()); +- ++ AlgorithmIdentifier sigAlgID = null; ++ if(keyType.equals("RSA")) { ++ sigAlgID = new AlgorithmIdentifier(sigAlg.toOID(), null); ++ } ++ else { ++ sigAlgID = new AlgorithmIdentifier(sigAlg.toOID()); ++ } + Name issuer = new Name(); + issuer.addCountryName("US"); + issuer.addOrganizationName("Mozilla"); +diff --git a/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java b/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java +index 53fc218d3..80fbe6b05 100644 +--- a/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java ++++ b/src/test/java/org/mozilla/jss/tests/SSLClientAuth.java +@@ -46,8 +46,8 @@ public class SSLClientAuth implements Runnable { + public static Certificate makeCert(String issuerName, String subjectName, + int serialNumber, PrivateKey privKey, PublicKey pubKey, int rand, + SEQUENCE extensions) throws Exception { +- AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier( sigAlg.toOID()); +- ++ AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier( sigAlg.toOID(), null); ++ + Name issuer = new Name(); + issuer.addCountryName("US"); + issuer.addOrganizationName("Mozilla"); +-- +2.42.0 + diff --git a/jss.spec b/jss.spec index afb7716..3d57b51 100644 --- a/jss.spec +++ b/jss.spec @@ -13,7 +13,7 @@ License: MPLv1.1 or GPLv2+ or LGPLv2+ # For development (i.e. unsupported) releases, use x.y.z-0.n.. # For official (i.e. supported) releases, use x.y.z-r where r >=1. Version: %{major_version}.%{minor_version}.%{update_version} -Release: 1%{?_timestamp}%{?_commit_id}%{?dist} +Release: 2%{?_timestamp}%{?_commit_id}%{?dist} #global _phase -alpha1 # To generate the source tarball: @@ -31,6 +31,7 @@ Source: https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phas # \ # > jss-VERSION-RELEASE.patch # Patch: jss-VERSION-RELEASE.patch +Patch: 0001-Fix-certificate-signature-algorithm-not-valid-904.patch ################################################################################ # Java @@ -183,6 +184,9 @@ cd %{_vpath_builddir} ################################################################################ %changelog +* Tue Apr 16 2024 Red Hat PKI Team 4.9.4-2 +- RHEL-30062: Fix SSL_ERROR_HANDSHAKE_FAILED in unit test + * Wed Jun 01 2022 Red Hat PKI Team 4.9.4-1 - Rebase to JSS 4.9.4 - Bug 2013674 - JSS cannot be properly initialized after using another NSS-backed security provider