Bug 2135933

Summary: Unbound cannot enable validation of SHA-1 signatures runtime [rhel-9.2.0]
Product: Red Hat Enterprise Linux 9
Reporter: Petr Menšík <pemensik>
Component: unbound
Assignee: Petr Menšík <pemensik>
Status: NEW ---
QA Contact: rhel-cs-infra-services-qe <rhel-cs-infra-services-qe>
Severity: high
Docs Contact: Šárka Jana <sjanderk>
Priority: high
Version: 9.2
CC: jjelen, omejzlik, pemensik, pgm-rhel-tools, psklenar
Target Milestone: rc
Keywords: Triaged
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: No Doc Update
Clone Of: 2071543
Bug Depends On: 2070495, 2071543, 2087120    
Bug Blocks: 2077909    

Comment 2 Petr Menšík 2022-10-18 20:54:47 UTC
There still remains non-working switching to validation of SHA-1 based signatures when the crypto-policy is switched to LEGACY or DEFAULT:SHA1. My proposal to upstream has been accepted, but I failed to notice unittests are reliably failing with SHA-1 enabled during the build on RHEL 9 and Fedora ELN.

Compared to the 9.1.0 version, it requires just removal of the --disable-sha1 parameter during build. But then it needs a working fix for unittest. I don't want to disable them to build the package; I expect they report some valuable failures, which need to be addressed first.