Bug 38213 - Deprecated md5 algorithm is used
Summary: Deprecated md5 algorithm is used
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: cert-sh-functions
Version: unstable
Hardware: x86_64 Linux
Importance: P5 normal
Assignee: Andrey Cherepanov
QA Contact: qa-sisyphus
Reported: 2020-03-12 17:03 MSK by Antonov Alexander
Modified: 2020-03-24 19:19 MSK
Description Antonov Alexander 2020-03-12 17:03:39 MSK
When generating a certificate for the openvpn server, a deprecated algorithm is used: md5WithRSAEncryption

Because of this, starting the openvpn server via Alterator is not possible:
мар 12 16:13:23 workstation-9-i586 openvpn[31245]: Diffie-Hellman initialized with 1024 bit key
мар 12 16:13:23 workstation-9-i586 openvpn[31245]: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
мар 12 16:13:23 workstation-9-i586 openvpn[31245]: Cannot load certificate file /var/lib/ssl/certs/openvpn-server.cert


openssl x509 -in /var/lib/ssl/certs/openvpn-server.cert -text -noout
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 3 (0x3)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C = RU, O = test, OU = test Certification Authority, CN = test Root Certification Authority
        Validity
            Not Before: Mar 12 13:29:40 2020 GMT
            Not After : Mar 12 13:29:40 2021 GMT
        Subject: C = RU, O = openvpn-server-test, OU = openvpn-server-test, CN = openvpn-server-test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
Comment 1 Repository Robot 2020-03-13 13:05:03 MSK
cert-sh-functions-1.0.6-alt1 -> sisyphus:

 Fri Mar 13 2020 Andrey Cherepanov <cas@altlinux> 1.0.6-alt1
 - Use sha256 algorithm for cert generate for request (ALT #38213).
Comment 2 Antonov Alexander 2020-03-24 17:02:35 MSK
The problem remains open; the fix did not help solve the problem with the deprecated algorithm.
Comment 3 Slava Aseev 2020-03-24 19:12:24 MSK
Fixed:
http://webery.altlinux.org/task/248434

Waiting for confirmation from @cas
Comment 4 Repository Robot 2020-03-24 19:12:30 MSK
alterator-ca-0.5.7-alt1 -> sisyphus:

 Tue Mar 24 2020 Slava Aseev <ptrnine@altlinux> 0.5.7-alt1
 - Use sha256 default_md (Closes: #38213)
Comment 5 Slava Aseev 2020-03-24 19:19:22 MSK
Ah, @everybody was there

p9: http://webery.altlinux.org/task/248436
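
A check for the condition reported in this bug, as an added example (not code from cert-sh-functions or alterator-ca): it reads the `Signature Algorithm` line from `openssl x509 -text` output and flags weak digests. The function names and the weak/ok policy (SHA-1 is treated as weak as well) are assumptions; the sample input is the header of the dump in the description, abridged.

```shell
#!/bin/sh
# Added example: flag certificates whose signature digest is weak (e.g. md5).

# Header of the certificate dump from the bug description (abridged).
SAMPLE_MD5='Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 3 (0x3)
        Signature Algorithm: md5WithRSAEncryption'

# Print the first signature algorithm found in `openssl x509 -text` output on stdin.
sig_alg_from_text() {
    awk -F': ' '/Signature Algorithm:/ { print $2; exit }'
}

# Classify an algorithm name as printed by openssl (policy is an assumption).
classify_sig_alg() {
    case "$1" in
        md2With*|md4With*|md5With*|sha1With*|ecdsa-with-SHA1|dsaWithSHA1)
            echo weak ;;
        sha224With*|sha256With*|sha384With*|sha512With*)
            echo ok ;;
        ecdsa-with-SHA224|ecdsa-with-SHA256|ecdsa-with-SHA384|ecdsa-with-SHA512)
            echo ok ;;
        *)
            echo unknown ;;
    esac
}

# Report one certificate dump read from stdin; succeeds only if the digest is ok.
audit_text() {
    alg=$(sig_alg_from_text)
    verdict=$(classify_sig_alg "$alg")
    printf '%s: %s (%s)\n' "$1" "${alg:-none}" "$verdict"
    [ "$verdict" = ok ]
}

# Audit a certificate file with the same openssl command used in the report.
audit_cert_file() {
    openssl x509 -in "$1" -noout -text | audit_text "$1"
}

# Demo on the embedded sample (no openssl needed). A real run would be:
#   audit_cert_file /var/lib/ssl/certs/openvpn-server.cert
printf '%s\n' "$SAMPLE_MD5" | audit_text sample ||
    echo "sample: weak digest, certificate has to be re-signed"
```

Changing `default_md` affects only newly signed certificates, so certificates issued before the fix still report md5 here until they are re-signed.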