libreswan/SOURCES/libreswan-3.32-1861360-nodefault-rsa-pss.patch
2021-09-09 20:51:37 +00:00


diff -Naur libreswan-3.32-orig/lib/libipsecconf/confread.c libreswan-3.32/lib/libipsecconf/confread.c
--- libreswan-3.32-orig/lib/libipsecconf/confread.c 2020-07-28 20:25:54.618261606 -0400
+++ libreswan-3.32/lib/libipsecconf/confread.c 2020-07-28 20:28:03.952421236 -0400
@@ -1498,9 +1498,14 @@
} else if (streq(val, "rsasig") || streq(val, "rsa")) {
conn->policy |= POLICY_RSASIG;
conn->policy |= POLICY_RSASIG_v1_5;
+ /*
+ * These cause failure with RSA 1024 bits because it uses RSA-PSS
+ */
+#if 0
conn->sighash_policy |= POL_SIGHASH_SHA2_256;
conn->sighash_policy |= POL_SIGHASH_SHA2_384;
conn->sighash_policy |= POL_SIGHASH_SHA2_512;
+#endif
} else if (streq(val, "never")) {
conn->policy |= POLICY_AUTH_NEVER;
/* everything else is only supported for IKEv2 */
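Review bot: The `#if 0` around the three `POL_SIGHASH_SHA2_*` assignments applies to every `authby=rsasig`/`rsa` connection, not only to those with 1024-bit keys. After this patch the branch sets only `POLICY_RSASIG` and `POLICY_RSASIG_v1_5`, so presumably no SHA-2 signature hash is enabled by default for any RSA key size. The added comment names the symptom but not that trade-off, and it does not say which of the three hashes fails; I would spell it out, e.g. `/* bug 1861360: RSA-PSS fails with 1024-bit RSA keys, so SHA-2 sighash is off by default for authby=rsasig; this leaves RSA v1.5 only, for all key sizes */`. A narrower condition (on key size, or on the failing hash alone) would avoid weakening the default for larger keys, and the packaging notes should tell operators who need RSA-PSS to request it explicitly (e.g. `authby=rsa-sha2`). The enclosing if/else chain starts and ends outside the hunk.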