From 1fb6097a2ab73ef897d011e7383d7f5f1bf6a1df Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Wed, 1 Jul 2020 12:41:20 -0400
Subject: [PATCH] Replace SHA-1 signature with SHA-256

A recent change in Fedora Rawhide's crypto-policies package caused
failures in the tests like the following:

    Exception in thread "main" java.io.IOException: SocketException cannot read on socket: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
        at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1494)
        at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:38)
        at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:25)
        at org.mozilla.jss.tests.SSLClientAuth.run(SSLClientAuth.java:435)
        at java.lang.Thread.run(Thread.java:748)
    Caused by: org.mozilla.jss.ssl.SSLSocketException: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
        at org.mozilla.jss.ssl.SSLSocket.socketRead(Native Method)
        at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1488)
        ... 4 more
    Server exiting
    org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8016) Unknown error
        at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
        at org.mozilla.jss.tests.SSLClientAuth.testConnection(SSLClientAuth.java:345)
        at org.mozilla.jss.tests.SSLClientAuth.doIt(SSLClientAuth.java:156)
        at org.mozilla.jss.tests.SSLClientAuth.main(SSLClientAuth.java:90)

This was caused by dropping SHA-1 as an allowed hash during handshakes.
However, because SSLClientAuth manually generated its certificate (and
explicitly asked for SHA-1), it failed.

Switch to SHA-256 instead.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
 org/mozilla/jss/tests/SSLClientAuth.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/org/mozilla/jss/tests/SSLClientAuth.java b/org/mozilla/jss/tests/SSLClientAuth.java
index 6f1fd2b12..bf270a634 100644
--- a/org/mozilla/jss/tests/SSLClientAuth.java
+++ b/org/mozilla/jss/tests/SSLClientAuth.java
@@ -28,7 +28,7 @@
     
     private CryptoManager cm;
     public static final SignatureAlgorithm sigAlg =
-            SignatureAlgorithm.RSASignatureWithSHA1Digest;
+            SignatureAlgorithm.RSASignatureWithSHA256Digest;
     
     /**
      * Method that generates a certificate for given credential