Bug 31538 - Changing self-signed certificates signature algorithm to SHA256
Summary: Changing self-signed certificates signature algorithm to SHA256
Alias: None
Product: Sisyphus
Classification: Development
Component: cert-sh-functions (show other bugs)
Version: unstable
Hardware: all Linux
: P3 enhancement
Assignee: Mikhail Efremov
QA Contact: qa-sisyphus
Depends on:
Reported: 2015-11-26 13:18 MSK by Nikolay A. Fetisov
Modified: 2015-12-04 19:37 MSK (History)
2 users (show)

See Also:

cert-sh-functions.patch (625 bytes, patch)
2015-11-26 13:25 MSK, Nikolay A. Fetisov
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Nikolay A. Fetisov 2015-11-26 13:18:02 MSK
Для cert-sh-functions-1.0.1-alt1 самоподписанные сертификаты создаются с использованием SHA1:

# . /usr/bin/cert-sh-functions
# ssl_generate test
# openssl x509 -in /var/lib/ssl/cert/test.cert -text | grep Signature
    Signature Algorithm: sha1WithRSAEncryption
    Signature Algorithm: sha1WithRSAEncryption

С учётом известных проблем с SHA1, по-видимому, имеет смысл заменить
его на SHA256.
Comment 1 Nikolay A. Fetisov 2015-11-26 13:25:25 MSK
Created attachment 6435 [details]
Comment 2 Repository Robot 2015-12-04 19:37:56 MSK
cert-sh-functions-1.0.2-alt1 -> sisyphus:

* Fri Dec 04 2015 Mikhail Efremov <sem@altlinux> 1.0.2-alt1
- Use SHA256 for certificates (thx naf@) (closes #31538).