Bug 149118
Summary: | PKCS7 verifier fails to recognize sha1WithRSAEncryption digestAlgorithm | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Derek Atkins <warlord> |
Component: | openssl | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.0 | CC: | shillman |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=1011 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-05-16 15:26:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Derek Atkins
2005-02-18 22:14:44 UTC
> Why hasn't Red Hat updated openssl in any significant way since RHL9?
The reason is the openssl changes ABI with almost every new release.
This would mean it would be necessary to maintain many older versions
for compatibility in every RHEL release. Also note that in time of
RHEL3 release it wouldn't be possible to release the openssl-0.9.7c.
a) this is a problem with all versions of Red Hat since RHL9 (as I said, this problems exists in all releases from RHL9 through RHEL4 plus all versions of Fedora Core -- it's not limited to EL3). b) There's no way you can say with a straight face that openssl-0.9.7c was released too soon for EL4, let alone any of the recent Fedora Core releases. c) If you look in the openssl RT ticket you can also see what code would need to be backported to add this functionality. d) Are there really ABI changes across 0.9.7[letter] releases? a) I don't argue about that only that you've reported it against RHEL3. b) No dispute about that either. You must simply understand that the amount of work which will be nice to be done for a new release is unlimited however the resources are definitely limited. d) Yes - sizes of various structures are changed, functions renamed. Note that these aren't API but ABI changes instead so recompiling will help but it's of no help when you don't have source available. In the current Fedora Core 4 Test 3 release we have already openssl-0.9.7f. If you want this feature backported to RHEL3 or RHEL4 use the paid support issue tracker to file the request. |