Bug 31538 - Changing self-signed certificates signature algorithm to SHA256
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: cert-sh-functions
Version: unstable
Hardware: all Linux
Importance: P3 enhancement
Assignee: Mikhail Efremov
QA Contact: qa-sisyphus
Reported: 2015-11-26 13:18 MSK by Nikolay A. Fetisov
Modified: 2015-12-04 19:37 MSK

Attachments
cert-sh-functions.patch (625 bytes, patch)
2015-11-26 13:25 MSK, Nikolay A. Fetisov

Description Nikolay A. Fetisov 2015-11-26 13:18:02 MSK
With cert-sh-functions-1.0.1-alt1, self-signed certificates are created using SHA1:

# . /usr/bin/cert-sh-functions
# ssl_generate test
# openssl x509 -in /var/lib/ssl/cert/test.cert -text | grep Signature
    Signature Algorithm: sha1WithRSAEncryption
    Signature Algorithm: sha1WithRSAEncryption


Given the known problems with SHA1, it apparently makes sense to replace
it with SHA256.
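
The check quoted in the description, extended into a directory audit. This is an added example, not part of the bug report or of cert-sh-functions; the function names, the verdict labels and the *.cert glob are assumptions made for the example, while /var/lib/ssl/cert is the path shown in the report.

```shell
#!/bin/sh
# Added example (not from cert-sh-functions): report certificates whose
# signature algorithm is SHA-1 or MD5 based.

# Read `openssl x509 -text` output on stdin, print "<verdict> <algorithm>".
# Only the first "Signature Algorithm:" line is used; openssl prints the
# field twice, as in the output quoted in the report.
# RSASSA-PSS names its hash in separate parameters, so it is reported as
# UNKNOWN and left for manual review.
classify_sigalg() {
    alg=$(sed -n '/Signature Algorithm:/{
        s/^[[:space:]]*Signature Algorithm:[[:space:]]*//p
        q
    }')
    case "$alg" in
        '')                              echo "UNKNOWN -" ;;
        *[Pp][Ss][Ss]*)                  echo "UNKNOWN $alg" ;;
        *[Mm][Dd][245]*|*[Ss][Hh][Aa]1*) echo "WEAK $alg" ;;
        *)                               echo "OK $alg" ;;
    esac
}

# Classify every *.cert file in a directory (default: the path from the
# report). Returns non-zero if at least one certificate is WEAK.
audit_certs() {
    dir=${1:-/var/lib/ssl/cert}
    weak=0
    for f in "$dir"/*.cert; do
        [ -f "$f" ] || continue
        verdict=$(openssl x509 -in "$f" -noout -text 2>/dev/null | classify_sigalg)
        echo "$verdict $f"
        case "$verdict" in WEAK*) weak=$((weak + 1)) ;; esac
    done
    [ "$weak" -eq 0 ]
}

# Run as: sh audit.sh /var/lib/ssl/cert
if [ "$#" -gt 0 ]; then
    audit_certs "$1"
fi
```

Certificates generated before the fix keep their SHA1 signature until they are regenerated, so the audit is worth running after upgrading the package as well.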
Comment 1 Nikolay A. Fetisov 2015-11-26 13:25:25 MSK
Created attachment 6435
cert-sh-functions.patch
Comment 2 Repository Robot 2015-12-04 19:37:56 MSK
cert-sh-functions-1.0.2-alt1 -> sisyphus:

* Fri Dec 04 2015 Mikhail Efremov <sem@altlinux> 1.0.2-alt1
- Use SHA256 for certificates (thx naf@) (closes #31538).