On 08/29/2017 05:25 PM, Daniel P. Berrange wrote:
With gnutls 3.6.0, SHA1 is no longer accepted for certificate
signatures. We must usw SHA256 instead.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
tests/virnettlshelpers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/virnettlshelpers.c b/tests/virnettlshelpers.c
index 531d0b907..b735c4e2f 100644
--- a/tests/virnettlshelpers.c
+++ b/tests/virnettlshelpers.c
@@ -384,7 +384,7 @@ testTLSGenerateCert(struct testTLSCertReq *req,
* If no 'ca' is set then we are self signing
* the cert. This is done for the root CA certs
*/
- if ((err = gnutls_x509_crt_sign(crt, ca ? ca : crt, privkey)) < 0) {
+ if ((err = gnutls_x509_crt_sign2(crt, ca ? ca : crt, privkey, GNUTLS_DIG_SHA256, 0))
< 0) {
VIR_WARN("Failed to sign certificate %s", gnutls_strerror(err));
abort();
}
ACK and safe for the freeze.
Michal