| Summary: | openswan doesn't support SHA2 certificates | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Joshua Roys <roysjosh> |
| Component: | openswan | Assignee: | Paul Wouters <pwouters> |
| Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.3 | CC: | david.keatts, eparis, ksrot, omoris, pwouters |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-11-21 23:43:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Joshua Roys
2012-11-29 18:47:41 UTC
Note if we do port the attached patch, it should OT use EXTRACRYPTO because that also drags in support for blowfish and serpent, which we do not want. Instead, SHA2 should be decoupled from EXTRACRYPTO, as has been done already in upstream libreswan. for QA: to test, generate at least one X.509 certificate that uses SHA2. For an example, see: https://github.com/libreswan/libreswan/blob/master/testing/x509/dist_certs Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1718.html |