From: v.ondruch@... Date: 2014-08-28T11:17:46+00:00 Subject: [ruby-core:64607] [ruby-trunk - Bug #9154] Support for OpenSSL with MD5 disabled for certificate verification Issue #9154 has been updated by Vit Ondruch. Assignee changed from Martin Bosslet to Usaku NAKAMURA This seems to be fixed by r46899, r46903 and r46904, backported for Ruby 2.1 by r46908, but it would be nice to have this also in Ruby 2.0, since that is the version officially shipped with RHEL/CentOS 7. ---------------------------------------- Bug #9154: Support for OpenSSL with MD5 disabled for certificate verification https://bugs.ruby-lang.org/issues/9154#change-48526 * Author: Vit Ondruch * Status: Open * Priority: Normal * Assignee: Usaku NAKAMURA * Category: * Target version: * ruby -v: ruby 2.0.0p247 (2013-06-27) [x86_64-linux] * Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN ---------------------------------------- =begin In Fedora Rawhide, there was disable support for verification of certificate, CRL, and OCSP signatures using MD5 in OpenSSL [1, 2], therefore I observe following test errors: 7) Error: test_sign_and_verify(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: unknown message digest algorithm /builddir/build/BUILD/ruby-2.0.0-p247/test/openssl/test_x509req.rb:111:in `verify' /builddir/build/BUILD/ruby-2.0.0-p247/test/openssl/test_x509req.rb:111:in `test_sign_and_verify' 8) Error: test_sign_and_verify(OpenSSL::TestX509Certificate): OpenSSL::X509::CertificateError: unknown message digest algorithm /builddir/build/BUILD/ruby-2.0.0-p247/test/openssl/test_x509cert.rb:140:in `verify' /builddir/build/BUILD/ruby-2.0.0-p247/test/openssl/test_x509cert.rb:140:in `test_sign_and_verify' I was suggested by OpenSSL maintainer, that MD5 is obsolete and for modernization, it would be more useful to test SHA256 instead of MD5 for example. Any chance to make this test could pass out of the box and support more modern hashing algorithms? [1] http://pkgs.fedoraproject.org/cgit/openssl.git/commit/?id=dcd0fb1ec9e2ef9bace5473cb3924a8d867ce84b [2] http://pkgs.fedoraproject.org/cgit/openssl.git/commit/?id=9caf868063fd085ed4b2246f5f8dde91873d1c15 =end -- https://bugs.ruby-lang.org/