Hi Andre,
Well, md5 would be awful. "default" is a synonym of "sha1", but it was only added in openssl 0.9.9 it seems (which we don't have on SLE11 SP3). Sigh. I'll fix it. thanks. How do you want to fix that? Upgrade openssl?
I think thats out of question atm.
Change the corresponding lines in the keystone source?
I'll fix keystone pki_setup to not use default_md = default (but sha1) when that one seems to be unsupported by the underlying openssl. I've not yet found a catchy way to detect that it is the "broken" openssl yet, but I'll look into it.
If that's your choice, have a deeper look on nova which also uses sha1, just like python-keystoneclient and so on.
I know about those issues. On my todo as well (but very low). We should not use md5 anywhere.. Greetings, Dirk -- To unsubscribe, e-mail: opensuse-cloud+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-cloud+owner@opensuse.org