| What | Removed | Added |
|---|---|---|
| CC | meissner@suse.com, pmonrealgonzalez@suse.com | |
| Assignee | pmonrealgonzalez@suse.com | otto.hollmann@suse.com |
Hi, certificates signed using SHA1 are no longer allowed at security level 1 and above in openssl-3 so its failing as expected. You may want to re-create them and use the default SHA256 for signing. Note that, there is an ongoing issue open upstream to add a configure option to enable SHA1 but its not yet implemented in the 3.0 version series or in 3.1 which is planned to be released today, see: * https://github.com/openssl/openssl/issues/17662 There is also a downstream working patch in Fedora that adds this: * https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/0049-Selectively-disallow-SHA1-signatures.patch T think, we can explore this option. I'm assigning the bug to Otto and adding Marcus in CC.