File crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch of Package crypto-policies

Index: fedora-crypto-policies-20250714.cd6043a/policies/DEFAULT.pol
===================================================================
--- fedora-crypto-policies-20250714.cd6043a.orig/policies/DEFAULT.pol
+++ fedora-crypto-policies-20250714.cd6043a/policies/DEFAULT.pol
@@ -91,3 +91,6 @@ etm@SSH = ANY
 sign@RPM = DSA-SHA1+
 hash@RPM = SHA1+
 min_dsa_size@RPM = 1024
+
+# https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
+__openssl_block_sha1_signatures = 0
Index: fedora-crypto-policies-20250714.cd6043a/tests/alternative-policies/DEFAULT.pol
===================================================================
--- fedora-crypto-policies-20250714.cd6043a.orig/tests/alternative-policies/DEFAULT.pol
+++ fedora-crypto-policies-20250714.cd6043a/tests/alternative-policies/DEFAULT.pol
@@ -86,6 +86,9 @@ sha1_in_certs = 0
 # SHA1 is still prevalent in DNSSec
 sha1_in_dnssec = 1
 
+# https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
+__openssl_block_sha1_signatures = 0
+
 arbitrary_dh_groups = 1
 ssh_certs = 1
 ssh_etm = 1

Places

File crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch of Package crypto-policies

Places