Description of problem:
openswan does not support certificates signed with the SHA2 family
Version-Release number of selected component (if applicable):
Setup openswan with certificate authentication, certs are signed using SHA2
openswan fails to setup connection with "digest algorithm not supported"
openswan successfully sets up connection
Please apply 98e2372ccaab3c585029dede2f1f6c7240a3c354 from upstream and set USE_EXTRACRYPTO=true in the spec file. We have tested this locally.
Note if we do port the attached patch, it should OT use EXTRACRYPTO because that also drags in support for blowfish and serpent, which we do not want.
Instead, SHA2 should be decoupled from EXTRACRYPTO, as has been done already in upstream libreswan.
for QA: to test, generate at least one X.509 certificate that uses SHA2.
For an example, see: https://github.com/libreswan/libreswan/blob/master/testing/x509/dist_certs
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.