af554a80d1
The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/jss#8d0f659a7b9ac2d0ee7ab02be0de758a28f0b46a
50 lines
2.4 KiB
Diff
50 lines
2.4 KiB
Diff
From 1fb6097a2ab73ef897d011e7383d7f5f1bf6a1df Mon Sep 17 00:00:00 2001
|
|
From: Alexander Scheel <ascheel@redhat.com>
|
|
Date: Wed, 1 Jul 2020 12:41:20 -0400
|
|
Subject: [PATCH] Replace SHA-1 signature with SHA-256
|
|
|
|
A recent change in Fedora Rawhide's crypto-policies package caused
|
|
failures in the tests like the following:
|
|
|
|
Exception in thread "main" java.io.IOException: SocketException cannot read on socket: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
|
|
at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1494)
|
|
at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:38)
|
|
at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:25)
|
|
at org.mozilla.jss.tests.SSLClientAuth.run(SSLClientAuth.java:435)
|
|
at java.lang.Thread.run(Thread.java:748)
|
|
Caused by: org.mozilla.jss.ssl.SSLSocketException: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
|
|
at org.mozilla.jss.ssl.SSLSocket.socketRead(Native Method)
|
|
at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1488)
|
|
... 4 more
|
|
Server exiting
|
|
org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8016) Unknown error
|
|
at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
|
|
at org.mozilla.jss.tests.SSLClientAuth.testConnection(SSLClientAuth.java:345)
|
|
at org.mozilla.jss.tests.SSLClientAuth.doIt(SSLClientAuth.java:156)
|
|
at org.mozilla.jss.tests.SSLClientAuth.main(SSLClientAuth.java:90)
|
|
|
|
This was caused by dropping SHA-1 as an allowed hash during handshakes.
|
|
However, because SSLClientAuth manually generated its certificate (and
|
|
explicitly asked for SHA-1), it failed.
|
|
|
|
Switch to SHA-256 instead.
|
|
|
|
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
|
---
|
|
org/mozilla/jss/tests/SSLClientAuth.java | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/org/mozilla/jss/tests/SSLClientAuth.java b/org/mozilla/jss/tests/SSLClientAuth.java
|
|
index 6f1fd2b12..bf270a634 100644
|
|
--- a/org/mozilla/jss/tests/SSLClientAuth.java
|
|
+++ b/org/mozilla/jss/tests/SSLClientAuth.java
|
|
@@ -28,7 +28,7 @@
|
|
|
|
private CryptoManager cm;
|
|
public static final SignatureAlgorithm sigAlg =
|
|
- SignatureAlgorithm.RSASignatureWithSHA1Digest;
|
|
+ SignatureAlgorithm.RSASignatureWithSHA256Digest;
|
|
|
|
/**
|
|
* Method that generates a certificate for given credential
|