https://bugzilla.suse.com/show_bug.cgi?id=1221531
https://bugzilla.suse.com/show_bug.cgi?id=1221531#c36
--- Comment #36 from Paul Tannington
The DEFAULT policy in crypto-policies does not allow SHA-1 signatures but the LEGACY one does allow it. Could somebody test if switching to LEGACY helps?:
sudo update-crypto-policies --set LEGACY
Note that, this command is shipped by the crypto-policies-scripts package.
If it help, I would force using the LEGACY policy only in mozilla-nss by default for now in crypto-policies and submit in a moment.
TIA
Additionally: With crypto policies set to legacy and after forcing FF to validate add on signature(s) by setting "app.update.lastUpdateTime.xpi-signature-verification" = 0 and restarting FF, upon restart signature verification is OK. (One can check that verification has indeed taken place by looking at the value of "app.update.lastUpdateTime.xpi-signature-verification"). -- You are receiving this mail because: You are the assignee for the bug.