Bug 31538

Summary:

Changing self-signed certificates signature algorithm to SHA256

Product:

Sisyphus

Reporter:

Nikolay A. Fetisov <naf>

Component:

cert-sh-functions

Assignee:

Mikhail Efremov <sem>

Status:

CLOSED FIXED

QA Contact:

qa-sisyphus

Severity:

enhancement

Priority:

CC:

cas, mike

Version:

unstable

Hardware:

all

OS:

Linux

Attachments:

Description	Flags
cert-sh-functions.patch	none

Description Nikolay A. Fetisov 2015-11-26 13:18:02 MSK

Для cert-sh-functions-1.0.1-alt1 самоподписанные сертификаты создаются с использованием SHA1:

# . /usr/bin/cert-sh-functions
# ssl_generate test
# openssl x509 -in /var/lib/ssl/cert/test.cert -text | grep Signature
    Signature Algorithm: sha1WithRSAEncryption
    Signature Algorithm: sha1WithRSAEncryption


С учётом известных проблем с SHA1, по-видимому, имеет смысл заменить
его на SHA256.

Comment 1 Nikolay A. Fetisov 2015-11-26 13:25:25 MSK

Created attachment 6435 [details]
cert-sh-functions.patch

Comment 2 Repository Robot 2015-12-04 19:37:56 MSK

cert-sh-functions-1.0.2-alt1 -> sisyphus:

* Fri Dec 04 2015 Mikhail Efremov <sem@altlinux> 1.0.2-alt1
- Use SHA256 for certificates (thx naf@) (closes #31538).