This repository has been archived by the owner on Oct 9, 2018. It is now read-only.

refs #10777 Use sha256 as default signing algorithm. #69

Merged
merged 1 commit into from Jun 11, 2015


rojspencer

sha1 has been deprecated by many browsers and throws warnings when the
certificate expires after 12/31/2016.

sha256 should be good for a while.

@ehelms
Member

ehelms commented Jun 11, 2015

Did you have a test scenario to verify the change produces what you expect?

@rojspencer
Author

I ran the following to confirm the signature algorithm:

openssl x509 -text -noout -in /path/to/certificate.crt

and looked for the "Signature Algorithm:" line to contain sha256WithRSAEncryption

Suppose an automated test could do something like

if ! openssl x509 -text -noout -in /path/to/certificate.crt | grep -q sha256WithRSAEncryption; then
   echo "Fail: Certificate not signed with sha256 algorithm"
fi
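
A stricter form of the check described in the comment above, as an added example that is not part of the pull request or the project's code: it reads the signature algorithm from the certificate, returns a non-zero status for a deprecated or unreadable result, and runs against a constructed self-signed certificate. The function names, the sample subject and the list of accepted algorithm names are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a certificate's signature digest. Not code from the pull request.

# Print the signature algorithm name, e.g. sha256WithRSAEncryption.
# Prints nothing when the file is missing or is not a parseable certificate.
cert_sig_alg() {
    openssl x509 -noout -text -in "$1" 2>/dev/null |
        awk '/Signature Algorithm:/ { print $3; exit }'
}

# Classify an OpenSSL algorithm name.
# Returns 0 = SHA-2 digest, 1 = deprecated digest, 2 = empty or unrecognized.
classify_sig_alg() {
    case "$1" in
        sha256With*|sha384With*|sha512With*) return 0 ;;
        ecdsa-with-SHA256|ecdsa-with-SHA384|ecdsa-with-SHA512) return 0 ;;
        md5With*|sha1With*|ecdsa-with-SHA1|dsaWithSHA1) return 1 ;;
        *) return 2 ;;
    esac
}

# Report on one certificate and return the classification as the exit status,
# so a CI job fails instead of only printing a message.
check_cert() {
    alg=$(cert_sig_alg "$1")
    status=0
    classify_sig_alg "$alg" || status=$?
    case "$status" in
        0) echo "OK: $1 signed with $alg" ;;
        1) echo "Fail: $1 signed with deprecated algorithm $alg" ;;
        *) echo "Fail: $1 unreadable or unrecognized algorithm '$alg'" ;;
    esac
    return "$status"
}

# Constructed sample input: a throwaway self-signed certificate.
# $1 = output directory; writes sample.crt and sample.key there.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=constructed.example.test" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" && check_cert "$demo_dir/sample.crt"
rm -rf "$demo_dir"
```

An empty result from `cert_sig_alg` is treated as a failure, so a wrong path does not pass the check silently.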

@ehelms
Member

ehelms commented Jun 11, 2015

@rojspencer I will test this and merge/build to go out in nightly and 2.2 if all is well.

@ehelms
Member

ehelms commented Jun 11, 2015

Tested and works, thanks @rojspencer !

ehelms added a commit that referenced this pull request Jun 11, 2015
refs #10777 Use sha256 as default signing algorithm.
@ehelms ehelms merged commit 96f14ff into Katello:master Jun 11, 2015