Bug 2296273

Summary: Make OpenSSL distrust SHA-1 signatures by default
Product: [Fedora] Fedora Reporter: Aoife Moloney <amoloney>
Component: Changes TrackingAssignee: Alexander Sosedkin <asosedki>
Status: ON_QA --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: asosedki
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: crypto-policies-20240717-1.git154fd4e.fc41 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2233686, 2301344    

Description Aoife Moloney 2024-07-08 11:52:09 UTC 
This is a tracking bug for Change: Make OpenSSL distrust SHA-1 signatures by default
For more details, see: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer

OpenSSL will no longer trust cryptographic signatures using SHA-1 by default, starting from Fedora 41.

If you encounter a bug related to this Change, please do not comment here. Instead create a new bug and set it to block this bug.
Comment 1 Aoife Moloney 2024-08-21 13:39:44 UTC 
Hi @asosedki, do you have an update on this change? Its due to be code complete before we enter Beta freeze next Tuesday 27th august. Is this still on track for F41, or do you need to re-target to F42?

Thanks,
Aoife
Comment 2 Alexander Sosedkin 2024-08-21 13:49:22 UTC 
The change has been implemented and landed in f41 rawhide in July; the first build that contains it is crypto-policies-20240717-1.git154fd4e.fc41
Comment 3 Aoife Moloney 2024-08-21 14:01:00 UTC 
Amazing, thank you very much Aleksander! And thank you for adjusting the bug status too, much appreciated.
Comment 4 Aoife Moloney 2024-08-26 17:04:22 UTC 
Updating bug status to reflect the change is complete.