cryptography icon indicating copy to clipboard operation
cryptography copied to clipboard

Published 20 hours ago verified publisher icon pyca

add centos stream 9 to ci

Open reaperhulk opened this issue 3 years ago • 2 comments

We have previously not added it due to issues with their OpenSSL patches, but let's see what we get this time.

reaperhulk avatar May 27 '22 21:05 reaperhulk

So the problem here is that some signatures are rejected, but there's not a programatic way to interrogate this. Is that right?

alex avatar Aug 25 '22 22:08 alex

Yeah, there are a set of additional constraints added by OS level policies that our tests don't understand. That likely explains almost every test failure, but there were also some test failures (before this latest rebase) that were related to patches CentOS/RHEL carried on that version of OpenSSL. I'm not super motivated to figure this out right now, although perhaps @tiran or someone else at RH is?

reaperhulk avatar Aug 26 '22 02:08 reaperhulk

We need a way to know sha1 is rejected for signatures, that we can programmatically interrogate, and then make use of in backend signature_hash_supported.

Without centos's openssl somehow exposing that (#define, function call, whatever), this won't be supported.

alex avatar Sep 27 '22 00:09 alex