The SHA1 crypto-module can be used to allow verifying SHA-1-signed CMS data with the DEFAULT crypto-policy. However the SHA1 crypto-module has no effect with the FIPS crypto-policy. This is an issue especially when we have to verify CMS signatures from Active Directory, which is still using SHA-1 for CMS signatures when using modular exponential-based Diffie-Hellman key exchange.
Fedora pull request: https://src.fedoraproject.org/rpms/krb5/pull-request/36
FEDORA-2023-5cd7789569 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-5cd7789569
FEDORA-2023-5cd7789569 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-f7841e7a29 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-f7841e7a29
FEDORA-2023-f7841e7a29 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.