https://bugzilla.suse.com/show_bug.cgi?id=1221531 https://bugzilla.suse.com/show_bug.cgi?id=1221531#c36 --- Comment #36 from Paul Tannington <paul.pgp-7@gmx.com> --- (In reply to Pedro Monreal Gonzalez from comment #31)
The DEFAULT policy in crypto-policies does not allow SHA-1 signatures but the LEGACY one does allow it. Could somebody test if switching to LEGACY helps?:
sudo update-crypto-policies --set LEGACY
Note that, this command is shipped by the crypto-policies-scripts package.
If it help, I would force using the LEGACY policy only in mozilla-nss by default for now in crypto-policies and submit in a moment.
TIA
Additionally: With crypto policies set to legacy and after forcing FF to validate add on signature(s) by setting "app.update.lastUpdateTime.xpi-signature-verification" = 0 and restarting FF, upon restart signature verification is OK. (One can check that verification has indeed taken place by looking at the value of "app.update.lastUpdateTime.xpi-signature-verification"). -- You are receiving this mail because: You are on the CC list for the bug.